Skip to end of metadata
Go to start of metadata

Download PDF Document

2018-08-16

For All Mediatrix Units

v. 43.0.1125


1 Generating a Private Key

Steps

  1. Enter openssl genrsa -aes256 -out your_device.key 2048

    Note

    The following step is optional.

  2. Enter cp your_device.key your_device.key.orig
  3. Enter openssl rsa -in your_device.key.orig -out your_device.key to remove the passphrase.
    Example
    [root@localhost mycert]# cp 192.168.1.31.key 192.168.1.31.key.orig
    [root@localhost mycert]# openssl rsa -in 192.168.1.31.key.orig -out 192.168.1.31.key
    Enter pass phrase for 192.168.1.31.key.orig:
    writing RSA key 
    
    [root@localhost mycert]#

Result

A private key is generated with:
  • a length of 2048 bits
  • encryption with a 256 bit AES algorithm.

The output filename is your_device.key.

Next Step

2 Creating a Certificate Signing Request (CSR) from a Private Key

2 Creating a Certificate Signing Request (CSR) from a Private Key

Steps

  1. Enter openssl req -new -key your_device.key -out your_device.csr -sha256

Result

A CSR is generated from the private key created in the Generating a Private Key procedure with a SHA256 signature algorithm. This is a result example.

[root@localhost mycert]# openssl req -new -key 192.168.1.31.key -out 192.168.1.31.csr -sha256
Enter pass phrase for 192.168.1.31.key:
You are about to be asked to enter information that will be incorporatedinto your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blankFor some fields there will be a defaultvalue,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:CA
State or Province Name (full name[]:Quebec
Locality Name (eg, city) [Default City]:Montreal
Organization Name (eg, company) [Default Company Ltd]:Media5
Organizational Unit Name (eg,section)[]:TAC
Common Name (eg, your name or your server's hostname)[]:192.168.1.31
Email Address[]:tac@media5corp.com
 
Please enter the following 'extra'attributes
to be sent with your certificate request
A challenge password []
:An optional company name []:
[root@localhost mycert]#

Next Step

4 Signing the CSR by a Third Party Certificate Authority (CA) 3 Signing the CSR file by Your Own Certificate Authority (CA) 5 Self-signing the CSR File

3 Signing the CSR file by Your Own Certificate Authority (CA)

Use this procedure if your certificates are signed by a Certificate Authority you have access to.

Steps

  1. Enter openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in your_device.csr -CA CA.crt -CAkey CA.key -CAserial CA.srl -out your_device.crt

    Note

    • CA.key is the private key of your CA
    • CA.crt is the CA’s public certificate
    • CA.srl is the serial number file
    • 3652 days is the validity period of the certificate
    • host_ext.cnf defines the usage of the certificate. It contains:
      [ host_ext ]
      basicConstraints = CA:false
      keyUsage = digitalSignature, keyEncipherment, dataEncipherment
      extendedKeyUsage = serverAuth, clientAuth

Result

This is a result example.
[root@localhost mycert]# openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days
3652 -in 192.168.1.31.csr -CA CA.crt -CAkey CA.key -CAserial CA.srl -out 192.168.1.31.crt
Signature ok
subject=/C=CA/ST=Quebec/L=Montreal/O=Media5/OU=TAC/CN=192.168.1.31/emailAddress=tac@media5corp.com
Getting CA Private Key
Enter pass phrase for CA.key:
root@localhost mycert]#
When the certificate will be imported to the Mediatrix unit, the information defined for the keyUSage of the host_ext.cnf file will be displayed in Management>Certificates/Host Certificates table, under the Usage column.

Next Step

6 Combining the Private Key and the Signed Certificate

4 Signing the CSR by a Third Party Certificate Authority (CA)

Use this procedure if your certificates are signed by a Certificate Authority you do not have access to.

Steps

  1. Send your CSR to the Third Party Certificate Authority agency responsible for signing your Certificate Signing Request.

    Note

    VeriSign or Entrust are examples of Third Party Certificate Authority Agencies.

Next Step

6 Combining the Private Key and the Signed Certificate

5 Self-signing the CSR File

Use this procedure if your certificates are self-signed, i.e. security is not an issue.

Steps

  1. Enter openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in your_device.csr -signkey your_device.key -out your_device.crt

    Important

    The command must be entered on a single line, otherwise it will not work.

    Note

    host_ext.cnf is a file containing the following which defines the usage of the certificate:

    [ host_ext ]
    basicConstraints = CA:false
    keyUsage = digitalSignature, keyEncipherment,dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth

Next Step

6 Combining the Private Key and the Signed Certificate

6 Combining the Private Key and the Signed Certificate

Context

The host certificate required by the Mediatrix contains two parts: the private key and the signed certificate.

Steps

  1. Enter cat your_device.key your_device.crt > your_device.pem

Result

This is a result example:
[root@localhost mycert]# cat 192.168.1.31.key 192.168.1.31.crt > 192.168.1.31.pem
[root@localhost mycert]# more 192.168.1.31.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuxKDO66oKOigcHQ1r1lnXLiQT9R0oQkE/ppODo9vXZVsc8D6
uyFldRoDnm6wBHbbrhLgBfsZ5nVHwZ2KCsjJB2THehDXUskLS/4EWMveLcrzGygH
+qjHArwYmYQdEQrYrd/RqkDgnR2j9gocZBRXBfAWYtLgacJe4xlPy317JyR7YrlL
Qfv2hZAXqSdutmYJCysO405oEv1Dv7kfIDQvxP74Qsh0JgmW4Kq0eQdkfo+Xkwlp
pIdYyIHi+5TgWz4YoMRbZHZfKF+VdwOGAeSy2X+QCmHP81GR+SPefHzzn9oUk0Ha
DpjAPgKWUaaJPHrC8k+gsu6WiO+dCRcUWnX47QIDAQABAoIBAQCnEMFia3iCED44
L5BCKPXGOI2ovXPq3MM5HVTYbABo8ykHtzA0Ln8NNU5GD1PiqMNHklO/A6D9z39l
yeud9fKSR85dlOy3YhRUqWX4ZxjkjHrPpdB6aoBQUOsnLnVG4wjfPyNfiNEPf4kO
EbmJJyEQjHlxiCIiUROsfM5mTInPSZ3Glgm9l3gRZCBBLLf6js+NilYYi2ASyw6i
F1+Kxw0KTvxKa1TR0HYH35urPW528dFyZp8/f2QUUSM4aN5uQrKj8jDwEOIORsW6
+ybzMOpIbbS2I+cbmtDgr5KjjlE1+7dMY3K/hUmUkE+FPZiJf3v8vFFsRucAQCxq
1lg33ogBAoGBAOjZLXyIiz1ORC/poRyMEhQ8xRUQaZiI279/J7N426F1G4An8yUl
8Qcmj2PXraLwnl6kX08Mmul7DN78BD0C7LSKK17PIFMH3NV8vWM8eWaE7nP9EqAJ
l0LtOgN2t+WeNL/Mc551XeBCCG9Ifg+pfnjF8kDPjqTe+8U4BEt4dYQxAoGBAM2s
K9vLoXoxJ5Oay+ojTMYSuqPfEIND9WuzUJvLAjtgJGKUJsXYUnk5zVZ2IYRMt2EV
nCuAsemwComgDfLimcAEhUzGURG6t0pB7u2FWYiLm+ZJquCxl66p7zrQ/3hc2Q+Y
61mJ3lEay/IIrksS807PCk/k8q9tmGOYg7mQcP19AoGATzg8coceIFB1gHuTFdxN
9laqkr0PwBan9OH1BumSh78JCTQOVFAxTcZ/uG9TowEMUJTJ3GIkflUgDuldI8jP
8aikktATZkxhhLy4zn9vqkKFwi6S3KIGtX1yZGVKsbN+rNaJa5rwwnCU4A+g3AFF
hx+JiSVUmaFHtVSWmXq1OLECgYAomyRxmauA33GL39UAngWLWalFr0WoVOOAZv+0
Mol3RY0JdWyORR5LVtEmj94gK7FM1qJlqFv34kzCTTpTyM9ILNxQgxsAYBfN7mSI
unopzj5yYfr9r7Jdxqk3uImnrtUgEjXtEJ427w5y86nNoqks1w2XJoGPhxi+GR9w
pIbaVQKBgBX/k9qc/wXf8uI6R650Jn8HiFFI0nr6brscnmd0OD7bJPf2b4tKv1ap
CwSWj/BxYt9agncccXyEG8vHVLCtJYNYHJ/+OwID0ttN9dLE2fLPV1sgigMSY9oP
R9KrLT+LPKL1V11s033vuLcD6jOknH2klKNRsNyxjGt+of0YxRaw
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIJAOcfWOxpBWD+MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD
VQQGEwJDQTEPMA0GA1UECAwGUXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEPMA0G
A1UECgwGTWVkaWE1MQwwCgYDVQQLDANUQUMxFjAUBgNVBAMMDTE5Mi4xNjguMS4y
MjYxITAfBgkqhkiG9w0BCQEWEnRuZ0BtZWRpYTVjb3JwLmNvbTAeFw0xNTEyMDEx
MTQ4MThaFw0yNTExMzAxMTQ4MThaMIGKMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG
UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECgwGTWVkaWE1MQwwCgYD
VQQLDANUQUMxFTATBgNVBAMMDDE5Mi4xNjguMS4zMTEhMB8GCSqGSIb3DQEJARYS
dGFjQG1lZGlhNWNvcnAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuxKDO66oKOigcHQ1r1lnXLiQT9R0oQkE/ppODo9vXZVsc8D6uyFldRoDnm6w
BHbbrhLgBfsZ5nVHwZ2KCsjJB2THehDXUskLS/4EWMveLcrzGygH+qjHArwYmYQd
EQrYrd/RqkDgnR2j9gocZBRXBfAWYtLgacJe4xlPy317JyR7YrlLQfv2hZAXqSdu
tmYJCysO405oEv1Dv7kfIDQvxP74Qsh0JgmW4Kq0eQdkfo+XkwlppIdYyIHi+5Tg
Wz4YoMRbZHZfKF+VdwOGAeSy2X+QCmHP81GR+SPefHzzn9oUk0HaDpjAPgKWUaaJ
PHrC8k+gsu6WiO+dCRcUWnX47QIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQE
AwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEL
BQADggEBAEX1sxk/Ad4aVOrPk2oE/dzOmFmq4LeucYw9uJ6F7SdewAU8pghXMvBu
cOwvToFdEmRTvPmsDghsPmxSgTyL4DBwfJ2YbPfoFK6BDnZAmU3gw37+WXY0w7tW
1ea+kWN4v6Dv/GaOuBxQ4pAN2lQaDc99fMSp3G3TCFW4lh0lBEeBxvZOpHwuLrcd
1IbdPNy7z13Ko0639B935Lj1CRGpzEvgSgGtcMhkLifLAL7dhlVcU7fLIAOz5Kov
A7OESnlj8V8DuVirBTNUKGqgY/36g87e7n8g84Xse86vEFhppKzCcZtDIKQ5KvTv
+iLgQLs9mjHAUruNV9+JJx1spv8FZp0=
-----END CERTIFICATE-----

Next Step

7 Importing a Host Certificate to the Mediatrix Unit

7 Importing a Host Certificate to the Mediatrix Unit

Before You Start

You must have an SNTP server for current date and time.

Steps

  1. Go to Management/Certificates.
  2. Click Activate unsecure certificate transfer.
  3. From the Type selection list, select Host.
  4. Click Browse and select the Host certificate.
  5. Click Apply
  6. In the Host Certificate Associations table, select the services that Host Certificate should be associated with.

    Note

    A Host certificate is by default associated with all services. Several Host Certificates can be imported and associate with one or several services.

  7. Click Apply.

Result

This is an example of the result of a Host Certificate imported and associated with all services.

8 Documentation

Mediatrix units are supplied with an exhaustive set of documentation.

Mediatrix user documentation is available on the Documentation Portal .

Several types of documents were created to clearly present the information you are looking for. Our documentation includes:

  • Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
  • Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
  • Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
  • Hardware installation guide: They provide the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access for the first time the Management interface.
  • User guide: The user guide explains how to customise to your needs the configuration of the unit. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
  • Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.


9 Copyright Notice

Copyright © 2018 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.