Configure serial authentication

This section describes how to configure authentication for serial access.

  Web

  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
  2. Access the device configuration:

    1. Locate your device as described in Use Digi Remote Manager to view and manage your device.
    2. Click the Device ID.
    3. Click Settings.
    4. Click to expand Config.

    1. On the menu, click System. Under Configuration, click Device Configuration.

      The Configuration window is displayed.

  3. Click Authentication > Serial.
  4. (Optional) For TLS identity certificate, paste a TLS certificate and private key in PEM format. If empty, the certificate for the web administration service is used. See Configure the web administration service for more information.
  5. For Peer authentication, select the method used to verify the certificate of a remote peer.
  6. Include standard CAs is enabled by default. This allows peers with certificates that have been signed by standard Certificate Authorities (CAs) to authenticate.
  7. Click to expand Custom certificate authorities to add the public certificates of custom CAs.
    1. For Add CA certificate, type the name of a custom CA and click .
    2. Paste the public certificate for the custom CA in PEM format.
    3. Repeat for additional custom CA certificates.
  8. Click to expand Peer certificates to add the public certificates of trusted peers.
    1. For Add Peer certificate, type the name of a trusted peer and click .
    2. Paste the public certificate for the trusted peer in PEM format.
    3. Repeat for additional trusted peer certificates.

  9. Enable TelNet Login, which requires a user to login via the TelNet connection before accessing a port.

  10. Click Apply to save the configuration and apply the change.
  1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX15 local command line as a user with full Admin access rights.

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  2. At the command line, type config to enter configuration mode:

    > config
(config)>

  3. (Optional) Paste a TLS certificate and private key in PEM format:
    (config)> auth serial identiy "cert-and-private-key"
(config)>
  4. Set the method used to verify the certificate of a remote peer:
    (config)> auth serial verify value
(config)>

    where value is either:

    • ca: Uses certificate authorities (CAs) to verify.

    • peer: Uses the remote peer's public certificate to verify.

  5. By default, peers with certificates that have been signed by standard Certificate Authorities (CAs) are allowed to authenticate. To disable:
    (config)> auth serial ca_standard false
(config)>
  6. Add the public certificate for a custom certificate authority:
    (config)> add auth serial ca_certs CA-cert-name "cert-and-private-key"
(config)>

    where:

    • CA-cert-name is the name of the certificate for the custom certificate authority.

    • cert-and-private-key is the certificate and private key for the custom certificate authority.

    Repeat for additional custom certificate authorities.

  7. Require a user to login via the TelNet connection before accessing a port.
    (config)> auth serial telnet_login?
(config)>
  1. Save the configuration and apply the change.
    (config)> save
Configuration saved.
>
  2. Type exit to exit the Admin CLI.

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.