Generating a Private Key
Enter openssl genrsa -aes256 -out your_device.key
Note: The following step is optional.
- Enter cp your_device.key your_device.key.orig
Enter openssl rsa -in your_device.key.orig -out
your_device.key to remove the passphrase.
[root@localhost mycert]# cp 192.168.1.31.key 192.168.1.31.key.orig [root@localhost mycert]# openssl rsa -in 192.168.1.31.key.orig -out 192.168.1.31.key Enter pass phrase for 192.168.1.31.key.orig: writing RSA key [root@localhost mycert]#
- a length of 2048 bits
- encryption with a 256 bit AES algorithm.
The output filename is your_device.key.
Creating a Certificate Signing Request (CSR) from a Private Key
A CSR is generated from the private key created in the Generating a Private Key procedure with a SHA256 signature algorithm. This is a result example.
[root@localhost mycert]# openssl req -new -key 192.168.1.31.key -out 192.168.1.31.csr -sha256 Enter pass phrase for 192.168.1.31.key: You are about to be asked to enter information that will be incorporatedinto your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blankFor some fields there will be a defaultvalue, If you enter '.', the field will be left blank. ----- Country Name (2 letter code)[XX]:CA State or Province Name (full name:Quebec Locality Name (eg, city) [Default City]:Montreal Organization Name (eg, company) [Default Company Ltd]:Media5 Organizational Unit Name (eg,section):TAC Common Name (eg, your name or your server's hostname):192.168.1.31 Email Address:email@example.com Please enter the following 'extra'attributes to be sent with your certificate request A challenge password  :An optional company name : [root@localhost mycert]#
Signing the CSR file by Your Own Certificate Authority (CA)
Use this procedure if your certificates are signed by a Certificate Authority you have access to.
- CA.key is the private key of your CA
- CA.crt is the CA’s public certificate
- CA.srl is the serial number file
- 3652 days is the validity period of the certificate
- host_ext.cnf defines the usage of the
[ host_ext ] basicConstraints = CA:false keyUsage = digitalSignature, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth
When the certificate will be imported to the Mediatrix unit, the information defined for the keyUSage of the host_ext.cnf file will be displayed in Management>Certificates/Host Certificates table, under the Usage column.
[root@localhost mycert]# openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in 192.168.1.31.csr -CA CA.crt -CAkey CA.key -CAserial CA.srl -out 192.168.1.31.crt Signature ok subject=/C=CA/ST=Quebec/L=Montreal/O=Media5/OU=TAC/CN=192.168.1.31/emailAddressfirstname.lastname@example.org Getting CA Private Key Enter pass phrase for CA.key: root@localhost mycert]#
Signing the CSR by a Third Party Certificate Authority (CA)
Use this procedure if your certificates are signed by a Certificate Authority you do not have access to.
Self-signing the CSR File
Use this procedure if your certificates are self-signed, i.e. security is not an issue.
host_ext.cnf is a file containing the following which defines the usage of the certificate:
[ host_ext ] basicConstraints = CA:false keyUsage = digitalSignature, keyEncipherment,dataEncipherment extendedKeyUsage = serverAuth, clientAuth
Combining the Private Key and the Signed Certificate
The host certificate required by the Mediatrix contains two parts: the private key and the signed certificate.
[root@localhost mycert]# cat 192.168.1.31.key 192.168.1.31.crt > 192.168.1.31.pem [root@localhost mycert]# more 192.168.1.31.pem -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAuxKDO66oKOigcHQ1r1lnXLiQT9R0oQkE/ppODo9vXZVsc8D6 uyFldRoDnm6wBHbbrhLgBfsZ5nVHwZ2KCsjJB2THehDXUskLS/4EWMveLcrzGygH +qjHArwYmYQdEQrYrd/RqkDgnR2j9gocZBRXBfAWYtLgacJe4xlPy317JyR7YrlL Qfv2hZAXqSdutmYJCysO405oEv1Dv7kfIDQvxP74Qsh0JgmW4Kq0eQdkfo+Xkwlp pIdYyIHi+5TgWz4YoMRbZHZfKF+VdwOGAeSy2X+QCmHP81GR+SPefHzzn9oUk0Ha DpjAPgKWUaaJPHrC8k+gsu6WiO+dCRcUWnX47QIDAQABAoIBAQCnEMFia3iCED44 L5BCKPXGOI2ovXPq3MM5HVTYbABo8ykHtzA0Ln8NNU5GD1PiqMNHklO/A6D9z39l yeud9fKSR85dlOy3YhRUqWX4ZxjkjHrPpdB6aoBQUOsnLnVG4wjfPyNfiNEPf4kO EbmJJyEQjHlxiCIiUROsfM5mTInPSZ3Glgm9l3gRZCBBLLf6js+NilYYi2ASyw6i F1+Kxw0KTvxKa1TR0HYH35urPW528dFyZp8/f2QUUSM4aN5uQrKj8jDwEOIORsW6 +ybzMOpIbbS2I+cbmtDgr5KjjlE1+7dMY3K/hUmUkE+FPZiJf3v8vFFsRucAQCxq 1lg33ogBAoGBAOjZLXyIiz1ORC/poRyMEhQ8xRUQaZiI279/J7N426F1G4An8yUl 8Qcmj2PXraLwnl6kX08Mmul7DN78BD0C7LSKK17PIFMH3NV8vWM8eWaE7nP9EqAJ l0LtOgN2t+WeNL/Mc551XeBCCG9Ifg+pfnjF8kDPjqTe+8U4BEt4dYQxAoGBAM2s K9vLoXoxJ5Oay+ojTMYSuqPfEIND9WuzUJvLAjtgJGKUJsXYUnk5zVZ2IYRMt2EV nCuAsemwComgDfLimcAEhUzGURG6t0pB7u2FWYiLm+ZJquCxl66p7zrQ/3hc2Q+Y 61mJ3lEay/IIrksS807PCk/k8q9tmGOYg7mQcP19AoGATzg8coceIFB1gHuTFdxN 9laqkr0PwBan9OH1BumSh78JCTQOVFAxTcZ/uG9TowEMUJTJ3GIkflUgDuldI8jP 8aikktATZkxhhLy4zn9vqkKFwi6S3KIGtX1yZGVKsbN+rNaJa5rwwnCU4A+g3AFF hx+JiSVUmaFHtVSWmXq1OLECgYAomyRxmauA33GL39UAngWLWalFr0WoVOOAZv+0 Mol3RY0JdWyORR5LVtEmj94gK7FM1qJlqFv34kzCTTpTyM9ILNxQgxsAYBfN7mSI unopzj5yYfr9r7Jdxqk3uImnrtUgEjXtEJ427w5y86nNoqks1w2XJoGPhxi+GR9w pIbaVQKBgBX/k9qc/wXf8uI6R650Jn8HiFFI0nr6brscnmd0OD7bJPf2b4tKv1ap CwSWj/BxYt9agncccXyEG8vHVLCtJYNYHJ/+OwID0ttN9dLE2fLPV1sgigMSY9oP R9KrLT+LPKL1V11s033vuLcD6jOknH2klKNRsNyxjGt+of0YxRaw -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID0zCCArugAwIBAgIJAOcfWOxpBWD+MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD VQQGEwJDQTEPMA0GA1UECAwGUXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEPMA0G A1UECgwGTWVkaWE1MQwwCgYDVQQLDANUQUMxFjAUBgNVBAMMDTE5Mi4xNjguMS4y MjYxITAfBgkqhkiG9w0BCQEWEnRuZ0BtZWRpYTVjb3JwLmNvbTAeFw0xNTEyMDEx MTQ4MThaFw0yNTExMzAxMTQ4MThaMIGKMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEPMA0GA1UECgwGTWVkaWE1MQwwCgYD VQQLDANUQUMxFTATBgNVBAMMDDE5Mi4xNjguMS4zMTEhMB8GCSqGSIb3DQEJARYS dGFjQG1lZGlhNWNvcnAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAuxKDO66oKOigcHQ1r1lnXLiQT9R0oQkE/ppODo9vXZVsc8D6uyFldRoDnm6w BHbbrhLgBfsZ5nVHwZ2KCsjJB2THehDXUskLS/4EWMveLcrzGygH+qjHArwYmYQd EQrYrd/RqkDgnR2j9gocZBRXBfAWYtLgacJe4xlPy317JyR7YrlLQfv2hZAXqSdu tmYJCysO405oEv1Dv7kfIDQvxP74Qsh0JgmW4Kq0eQdkfo+XkwlppIdYyIHi+5Tg Wz4YoMRbZHZfKF+VdwOGAeSy2X+QCmHP81GR+SPefHzzn9oUk0HaDpjAPgKWUaaJ PHrC8k+gsu6WiO+dCRcUWnX47QIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQE AwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEL BQADggEBAEX1sxk/Ad4aVOrPk2oE/dzOmFmq4LeucYw9uJ6F7SdewAU8pghXMvBu cOwvToFdEmRTvPmsDghsPmxSgTyL4DBwfJ2YbPfoFK6BDnZAmU3gw37+WXY0w7tW 1ea+kWN4v6Dv/GaOuBxQ4pAN2lQaDc99fMSp3G3TCFW4lh0lBEeBxvZOpHwuLrcd 1IbdPNy7z13Ko0639B935Lj1CRGpzEvgSgGtcMhkLifLAL7dhlVcU7fLIAOz5Kov A7OESnlj8V8DuVirBTNUKGqgY/36g87e7n8g84Xse86vEFhppKzCcZtDIKQ5KvTv +iLgQLs9mjHAUruNV9+JJx1spv8FZp0= -----END CERTIFICATE-----
Importing a Host Certificate through the Web Page
- Go to Management/Certificates.
- Click Activate unsecure certificate transfer.
- From the Type selection list, select Host.
- Click Browse and select the Host certificate.
- Click Apply
In the Host Certificate Associations
table, select the services that Host Certificate should be associated
Note: A Host certificate is by default associated with all services. Several Host Certificates can be imported and associated with one or several services.
- Click Import.
- Click Apply.
Importing any Certificate through a Configuration Script
To use the Cert.InstallCertificate command, the provided content must be a valid certificate file encoded in Base64.
Under Linux system:
base64 --wrap=0 myCertificate.crt >
With OpenSSL tool:
openssl base64 -A -in myCertificate.crt -out
Prepare the configuration script file with the wanted
Cert.InstallCertificate command line to execute.
IMPORTANT: The FileContent argument requires the Base64 encoding of the whole certificate file, including the portions that may be already in Base64.IMPORTANT: Double quotes must be used around the Base64 value of the FileContent argument.
Cert.InstallCertificate Name="MyCertificate.crt" Type="Host" FileContent="LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ pNSUlFb3dJQkFBS0NBUUVBdXhLRE82Nm9LT2lnY0hRMXIxbG5YTGlRVD lSMG9Ra0UvcHBPRG85dlhaVnNjOEQ2CnV5RmxkUm9E...RESUtRNUt2V HYKK2lMZ1FMczltakhBVXJ1TlY5K0pKeDFzcHY4RlpwMD0KLS0tLS1FT kQgQ0VSVElGSUNBVEUtLS0tLQ=="Note: For more details about the Cert.InstallCertificate command, refer to the DGW Configuration Guide - Reference Guide published on the Media5 Documentation Portal.Note: For more details on size limitation with configuration script file, refer to the DGW Configuration Guide - Limitations of DGW Platforms document published on the Media5 Documentation Portal
- Go to Management/Configuration Scripts/Execute.
- If you are not using HTTPS, click Activate unsecure file importation from the Web browser.
- In the Upload Script Through Web Browser table, browse to the location of the file you wish to import.
- Click Upload and Execute.
If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will bedisplayed.
Mediatrix devices are supplied with an exhaustive set of documentation.
Mediatrix user documentation is available on the Media5 Documentation Portal.
- Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
- Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
- Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
- Hardware installation guide: They provide the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access for the first time the Management interface.
- User guide: The user guide explains how to customise to your needs the configuration of the unit. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
- Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.
Copyright © 2023 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.