Certification Authority (CA) Options for Use with LQ Units

3 security authorization options are available. Choose the certification option that is best suited to your security requirements.

  1. A certificate of your own choosing.This option gives you complete control over the security of your Link-Group. Choose this certificate if protecting the details of your intercom configuration is critical. This option requires some specialized knowledge. You will need to know how to obtain a fullchain certificate and a private key, and how to install them on your browser. When using your own certificate you might have to provide a DNS server address and register the LQ device.

  2. The EasyDNS security certificate.

    This is a commercially certified certificate.

    When using the EasyDNS certificate, you have to provide a DNS server address for LQ registration.

    If you use this certificate, the browser needs Internet access to verify the certificate authenticity. This is because the browser will verify with AlphaSSL and GlobalSign that the certificate is valid.

  3. The Clear-Com self-signed (default) certificate. This certificate can be downloaded and installed for use with an HTTPS connection. It is used to encrypt the audio channel that the LQ devices establish on port 655 (linking). It also verifies all Agent-IC connections to LQ. This certificate can be used in a private network. It does not require Internet access to confirm its authority.

Warning:

Browsers are not set up to recognize self-certification. Using the Clear-Com self -signed certificate (option 3) is likely to cause your browser to issue a warning.

This example shows a warning posted by the Chrome browser:

proceed to connection

To work with the Clear-Com self-signed certificate, you will need either to find a way of disabling the warning (for example, install the certificate in the trusted certificates root directory), or make a choice to ignore the warning and proceed to the insecure connection. This is not a conventional way of working with your browser’s security features, but will provide a certain level of security if your Link-Group does not have Internet access.

Note: An iOS browser will only work with its own chosen certificates, so the Clear-Com self-signed certificate cannot be used in this context.

Related links:

HTTPS Certification Browser Support

Registering an LQ Unit with a DNS Server