TLS (Transport Layer Security) is a protocol for transferring data securely over the Internet. Two peers (devices) with TLS enabled establish a secure session using a private key and a public key. Both peers then use a randomly generated symmetric key to encrypt the data they transfer.
The following terms are used in the explanation of TLS in this section.
Key pair
A combination of a private key and a public key. The two cryptographic keys are mathematically linked to each other.
Server certificate
Also called a digital certificate. A server certificate binds a server (VSP One SDS Block) to a key pair. With a server certificate, VSP One SDS Block proves its identity as a server to a client, so that VSP One SDS Block and the client can communicate with each other using TLS. Two types of server certificates are available:
- Reliable certificate signed by a trusted Certificate Authority
  You can create a certificate issue request (a certificate signing request), send it to a trusted Certificate Authority, and receive a signed certificate. Notable Certificate Authorities include VeriSign, Symantec, and the Certificate Authority in your company. A certificate signed by a Certificate Authority is more trustworthy, although obtaining one costs money and requires you to meet the authority's criteria. The websites of Certificate Authorities explain their procedures for issuing certificates. The procedure for obtaining a certificate signed by a Certificate Authority described in this document is only an example; for details, see the website of the Certificate Authority you want to apply to, or contact the department in charge of the Certificate Authority in your company.
- Self-signed certificate
  You can create a certificate for yourself. In this case, the certified party is the same as the issuer of the certificate. This type of certificate might offer enough security if the controller node and VSP One SDS Block communicate on an internal LAN protected by a firewall. However, best practice is to use a self-signed certificate only for testing encrypted connections.
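The following added example (not part of the VSP One SDS Block documentation) uses the openssl command line to produce both certificate types described above, a self-signed certificate and one signed by a Certificate Authority, and then shows how to tell them apart by comparing issuer and subject and by checking the chain of trust. Every name in it is constructed: the work directory, the CN values, and the toy "Example Internal CA" that stands in for a real Certificate Authority.

```shell
#!/bin/sh
# Added example, not code from the VSP One SDS Block product or documentation.
# All names (work directory, CN values, the toy "Example Internal CA") are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Key pair: generate a private key; the public key is derived from it mathematically.
make_key_pair() {                       # $1 = base file name
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Self-signed certificate: the certified party is also the issuer.
make_self_signed() {                    # $1 = base name, $2 = common name
  openssl req -new -x509 -key "$WORK/$1.key" -subj "/CN=$2" -days 30 \
    -out "$WORK/$1.crt" 2>/dev/null
}

# CA-signed certificate: create a certificate signing request, then let the CA sign it.
make_ca_signed() {                      # $1 = server base, $2 = common name, $3 = CA base
  openssl req -new -key "$WORK/$1.key" -subj "/CN=$2" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# Read the issuer / subject name in RFC 2253 form, without the "issuer=" / "subject=" label.
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Does certificate $1 chain to trust anchor $2? Exit status 0 means yes.
verify_against() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Toy internal CA (a self-signed root), then one server certificate of each type.
make_key_pair ca     && make_self_signed ca "Example Internal CA"
make_key_pair self   && make_self_signed self "sds-block.example.test"
make_key_pair server && make_ca_signed server "sds-block.example.test" ca

echo "self-signed: issuer=$(issuer_of "$WORK/self.crt") subject=$(subject_of "$WORK/self.crt")"
echo "CA-signed:   issuer=$(issuer_of "$WORK/server.crt") subject=$(subject_of "$WORK/server.crt")"
verify_against "$WORK/server.crt" "$WORK/ca.crt" && echo "CA-signed certificate chains to the internal CA"
verify_against "$WORK/self.crt" "$WORK/ca.crt" || echo "self-signed certificate is not trusted via the CA"
```

A client that trusts only the internal CA accepts the CA-signed certificate and rejects the self-signed one; to accept a self-signed certificate, the client must be given that exact certificate as its trust anchor.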
Communication with the REST API or VSP One SDS Block Administrator is protected by SSL/TLS when it takes place over HTTPS.