What are the requirements for TP-Link Switch SSL certificate and key files?
TP-Link switches support HTTPS for the management web interface, which provides secure access via a web browser. HTTPS is based on SSL. Before the client and server communicate, they need to pass certificate-based authentication. The switch carries a self-signed certificate. Users can also import their own certificate file and key file. The related management web page is as follows.
Certificate files and key files come in many formats. If you get an error when importing the certificate file, it may be caused by the wrong format. The certificate file and key file must match each other; otherwise the HTTPS connection will not work. Both files must be Base64 encoded and match the formats below.
The certificate file needs to match the following format.
"-----BEGIN CERTIFICATE-----"
***
"-----END CERTIFICATE-----"
The key file needs to match one of the following formats.
"-----BEGIN RSA PRIVATE KEY-----"
***
"-----END RSA PRIVATE KEY-----"
or
"-----BEGIN EC PARAMETERS-----"
***
"-----END EC PARAMETERS-----"
"-----BEGIN EC PRIVATE KEY-----"
***
"-----END EC PRIVATE KEY-----"
Additional information
Sometimes you will see a key file that uses the “BEGIN PRIVATE KEY” format. This is the PKCS#8 form, which identifies the type of key and contains the relevant data. Generally, if you use a command of the form “openssl req xxx” to generate both the private key and the crt/csr, the key will use the “BEGIN PRIVATE KEY” format.
To make the key file importable to a TP-Link switch, convert the “BEGIN PRIVATE KEY” file to one of the formats that TP-Link supports, using the command “openssl rsa -in $FROMFILE -out $TOFILE”. $FROMFILE is the filename of your current key file. $TOFILE is the filename of the newly generated key file.
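An added example, not TP-Link's own code: a Python pre-import check that classifies a certificate or key file by the PEM blocks described above and, for a PKCS#8 “BEGIN PRIVATE KEY” file, reads the algorithm OID to tell whether the openssl rsa conversion applies. The function names and sample data are constructed for illustration, and the check does not verify that the certificate and key match each other.

```python
import base64
import re

# DER-encoded algorithm OIDs that appear inside an unencrypted PKCS#8 key.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error subclasses ValueError
            raise ValueError(f"{label}: body is not valid Base64") from exc
        blocks.append((label, der))
    return blocks

def check_cert(text):
    """'ok' only for a single BEGIN CERTIFICATE block, as the article requires."""
    labels = [label for label, _ in pem_blocks(text)]
    return "ok" if labels == ["CERTIFICATE"] else "unsupported"

def check_key(text):
    """Classify a key file against the two layouts the article lists."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    if labels in (["RSA PRIVATE KEY"], ["EC PARAMETERS", "EC PRIVATE KEY"]):
        return "ok"
    if labels == ["PRIVATE KEY"]:  # PKCS#8: the key type is inside the DER
        if OID_RSA in blocks[0][1]:
            return "pkcs8-rsa: convert with openssl rsa"
        if OID_EC in blocks[0][1]:
            return "pkcs8-ec: openssl rsa only handles RSA keys"
    return "unsupported"

def make_pem(label, der):
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample data: placeholder bytes, not real certificates or keys.
SAMPLE_CERT = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")
SAMPLE_RSA = make_pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00")
SAMPLE_PKCS8_RSA = make_pem("PRIVATE KEY", b"\x30\x0d" + OID_RSA + b"\x05\x00")
SAMPLE_PKCS8_EC = make_pem("PRIVATE KEY", b"\x30\x09" + OID_EC)

if __name__ == "__main__":
    print([check_key(k) for k in (SAMPLE_RSA, SAMPLE_PKCS8_RSA, SAMPLE_PKCS8_EC)])
```

With OpenSSL 3.x, openssl rsa writes PKCS#8 again unless the -traditional option is added, so run the check on the converted file as well.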