Network Configuration – SSL Certificates

When the HTTPS+Certs option is enabled (see Receiver Options – Details) in a Trimble GNSS receiver, the SSL Certificate Upload page can be used to install one or more of three types of certificates.

NOTE – Only PEM (base64 ASCII) format certificates can be installed. Both the HTTPS and CLIENT certificates must include the associated private key in ASCII/PEM format, and that key must be unencrypted.

When a web browser connects to a web server supporting HTTPS, that server sends the certificate installed for server authentication. Any valid certificate can be used, but for a browser client to automatically accept that certificate, two conditions must be met.

  • All CA certificates in the chain from the root CA through all intermediate CAs used must be available. The root CA certificate must always be installed on the client host in the “trusted root CA store”. However, any intermediate CA certificates in the chain may either be installed on the client host as trusted or included in the set of certificates sent by the web server.

  • The Subject common name (CN) on the certificate must match the name by which the host is identified in the browser URL.

 

Upload Certificate

Type

  • SSL CA – One or more root and/or intermediate CA certificates used to authenticate the remote NTRIP Caster when the Enable SSL/TLS and the Authenticate NTRIPCaster check boxes are selected for an NTRIP Client or NTRIP Server operation.

    All CA certificates in the chain from the root CA through the last intermediate CA used to sign the remote NTRIP Caster HTTPS certificate must be installed on the receiver to enable authentication of the NTRIP Caster certificate. Note that the CA certificate required for IBSS authentication is pre-installed and need not be installed by the user. See IBSS/NTRIP Client or IBSS/NTRIP Server.

  • SSL Client – Certificate used to authenticate the GNSS receiver when the Enable SSL/TLS and the Send Client Certificate check boxes are selected for NTRIP Server operation. The Client certificate will be provided by the operator of the NTRIP Caster to which data is being sent. The intended purpose of the certificate must include “client authentication”. See IBSS/NTRIP Server.

  • HTTPS Server – Certificate sent by the receiver when the web interface is accessed using the HTTP Secure (HTTPS) protocol. Any user-installed HTTPS certificate must have “server authentication” enabled in its intended purpose. See HTTP Server Config.