Digi AnywhereUSB 24 Plus + certificate

Hi.
Just bought a Digi AnywhereUSB 24 Plus, but can’t find out where to create a CSR and install the certficates on the hardware itselves.

Digi AnywhereUSB 24 Plus does not support the Certificate Signing Request option.
You can manually create a custom certificate instead.
By default, AnywhereUSB Hub uses the same embedded Digi certificate for Web UI and AWUSB service authentication.
If you wish to install a custom SSL cert, you must be sure that the AWSB Hub cert is updated on the client-side

  1. Make sure the cert is in PEM format
  2. Copy the certificate, and Private Key into notepad ++
  3. Copy everything from notepad to device Configuration > Services >AnywhereUSB >TLS identity certificate
    box. Make sure that you have Allow legacy encryption protocols enabled so you can click apply. You will
    still see the contains of the cert and private key.
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
  4. Now select system > reboot.
  5. After the AnywhereUSB Plus device has rebooted return to the device configuration. You should now see 5 dots if your cert was successfully uploaded.
  6. Now return to the Anywhereusb manager. You will see that you have a red X instead of the green paddle lock. You will also see an invalid Hub cert message.
  7. You will highlight X AW08-000425. Select File > preferences. Click restore default settings, click OK, then click save. This will apply the new cert, and you should see the green paddle lock within a few seconds.
  8. Now close your browser, and re-open it. Now when you look at more information >security using the address bar, you should see that you are using your certificate.

The client does not use a Microsoft certificate trusted store for validation.
So you must upload the full certificates chain, which means: server cert and corresponding private key >intermediate cert >CA cert

For hierarchal certificates.

----BEGIN CERTIFICATE----
(server cert)
----END CERTIFICATE----
----BEGIN CERTIFICATE----
(intermediate cert)
----END CERTIFICATE----
----BEGIN CERTIFICATE----
(CA cert)
----END CERTIFICATE----
----BEGIN PRIVATE KEY----
private key
----END PRIVATE KEY----

1 Like

Thanks.
I’ll give it a go.

Cheers.