Cross-network connections Internet connection via SwyxRemoteConnector Requirements Digital certificates
 
Digital certificates
Whether certain subscribers are authorized for the connection via SwyxRemoteConnector is checked via digital X.509 certificates. These certificates are also used for TLS encryption.
Within the SwyxServer configuration, you can chose between two options for the generation and management of certificates (For further information please refer to chapter SwyxWare- Run Setup.):
Automatically generated certificates
SwyxWare performs the generation and entry of certificates automatically. During server configuration, the root certificate and the server certificate are generated and stored in the SwyxWare database.
You can generate client certificates for users in the SwyxWare administration. (For further information please refer to "Use automatically generated certificate".)
Manually generated certificates
You can also manage certificates entirely manually. In this case, you'll have to take care of the procurement of root certificate, server certificate and all client certificates yourself. It is possible to utilize a self-signed root certificate.
The server certificate and all client certificates must be signed with the root certificate. You have to install the server certificate inside the server's Windows certificate storage, and the client certificates in the Windows certificate storages on the client PCs. SwyxWare saves only one thumb print for selecting the matching certificate for the RemoteConnector connection.
The server certificate must be installed on the computer on which SwyxRemoteConnector is running.
 
The certificates must include the following extensions:
Certificate type
X509v3 extensions:
Root certificate
X509v3 Basic Constraints: critical
    CA:TRUE
X509v3 Key Usage:
     Certificate Sign, CRL Sign
Server certificate
X509v3 Basic Constraints:
    CA:FALSE
X509v3 Key Usage:
   Digital Signature, Non Repudiation, Key Encipherment
    X509v3 Extended Key Usage:
      TLS Web Server Authentication
Client certificate
X509v3 Basic Constraints:
      CA:FALSE
X509v3 Key Usage:
     Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
     TLS Web Client Authentication
The certificates must be imported in the Windows certificate storage at the following position:
Certificate type
Range in certificate storage
Path in Windows certificate storage
Root certificate, public key only
Local computer memory
("Computer account")
Certificates (Local Computer) | Trusted Root Certificates | Certificates
Server certificate (including private key)
Local computer memory
("Computer account")
Certificates (Local Computer) | Personal - Certificates | Certificates
Client certificate (including private key)
 
Current user memory
("Own user account")
Certificates - Current User | Personal | Certificates
(For further information please refer to "Use automatically generated certificate".)