SSL / TLS basis

During the SSL/TLS negotiation process, the server identifies itself to the client by sending the server certificate. The server certificate\'s main purpose is to allow the client to determine that the server is indeed the server it claims to be.

The certificate authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. So, the CA assures you that no one possesses a certificate for a domain which is not their own. This allows clients to rely upon signatures made about the private key that corresponds to the certified public key. In this model of trust relationships, a CA is a third-party trusted both by the client and the server.

To fulfill its purpose, the server certificate contains the server\'s ID information (name, address, description, etc.) and its public key. It also contains a digital signature, signed by the CA, which authenticates this information. The client must trust the CA in order to accept its signature on a certificate. Furthermore, the trust relationship between the client and the CA must be established prior to the communication session. Usually, a client software (for example, Internet browsers as Google Chrome) include a set of trusted CA certificates. This makes sense, as many users need to trust their client software. Therefore, once a trusted CA\'s certificate is stored on the client, it will accept certificates signed by that CA from the SSL/TLS server it connects to.

Before using secure connections with WiFi or 4G radios, you must make sure the CA certificate is correctly installed on the radio.

Certificate management

In you set up your own system and create your own certificates, you should already have the CA certificate. If you are using an external third-party server, you must follow the next steps in order to obtain the CA certificate from your web browser application (i.e. Google Chrome). Imagine we want to access to https://twitter.com and we need to install the corresponding CA certificate:

Step 1: Use the browser to access to the website.

Step 2: Get the details of the Server\'s certificate.

Step 3: View Server\'s certificate.

Step 4: Extract information about the Certificate Authority.

Step 5: Go to web browser settings to look for the installed CA certificate.

Step 6: Go to "HTTPS/SSL" settings and enter into "Manage certificates" section.

Step 7: Export the correct certificate from the list of Authorities.

Step 8: Now you can open the certificate with a text editor application and copy it into the PCS form.