Setting Up the Endpoints
Creating a Profile for the Endpoints
In the UMS structure tree, open the context menu for Profiles and select New Profile.
In the New Profile dialog, enter the required data and click Ok:
Profile Name: Name for the profile
Based on: Select the version of IGEL OS that is installed on your devices (IGEL OS 11.03.100 or higher).
In the configuration dialog of the profile, go to System > Registry > devices > cherry_secureboard > enable and activate Secure keyboard input with Cherry SECURE BOARD (registry key:
devices.cherry_secureboard.enable
). (From UMS 6.03.130 or higher, the parameter can be found under User Interface > Input > Keyboard)Click Ok to save and close the profile.
Make sure that the profile is selected in the UMS structure tree.
In the Assigned objects area, click .
Under Files, select the file objects using the button:
User root CA certificate; here: userca-cert.pem
Client root CA certificate; here: clientca-cert.pem (optional)
Client certificate; here: client-cert.pem
Client key; here: client-key.pem
Click Ok.
In the Update time dialog, select Now and click Ok.
The certificate and key files are assigned to the profile.
Assigning the Profile to the Endpoints
In the UMS structure tree, select the devices that are to be connected to the Cherry SECURE Board keyboards.
In the Assigned objects area, click .
Under Profiles, select the appropriate profile using the button.
Click Ok.
In the Update time dialog, select Now and click Ok.
The settings and certificate and key files are transferred to the endpoints. The endpoints are ready for connecting to the Cherry SECURE BOARD keyboards.
Operation
The endpoint verifies if the Cherry SECURE BOARD has the right certificates. When the optional client certificates have been installed, too, the Cherry SECURE BOARD verifies if the endpoint has the right certificates. When everything went well, the endpoint and the Cherry SECURE BOARD work in secure mode.
On the keyboard side, the secure mode is indicated by the red light next to the lock symbol. On the endpoint side, the secure mode is indicated by an icon on the system tray.