Index | Prev | Next

Secure communication certificate setup

Secure communication applies to data transmitted among entities, which may be geographically far apart. The Niagara Framework supports TLS (Transport Layer Security), a cryptographic protocol for server authentication and secure encryption of data over the Internet. This is the same level of security provided by credit card companies and banks.

Setting up a secure network involves one or more of these tasks:

  • Creating folders to organize PKI (Public Key Infrastructure) certificates and certificate signing requests.
  • Creating a root CA (Certificate Authority) certificate (if the company serves as its own certificate authority).
  • Creating server certificates, one for each PC, controller/station, and other connected device, such as a camera.
  • Sending a certificate signing request for each server certificate to a recognized external CA for signing, or signing the requests in house using the company’s root CA certificate with its private key.
  • Matching the signed server certificate requests with the original certificates.
  • Configuring each platform/station for secure communication. This step identifies the certificate.
  • If the company serves as its own CA, importing its root CA certificate with its public key into the User Trust Store of each controller and PC, into the Windows trust store, and into the browser trust store.
  • Confirming the Windows certificate.
  • Importing the root CA certificate into the Java Control Panel.

If you can connect to all the subordinate stations and devices in the network, you can perform all of these steps using Workbench running on a single PC. If the network is geographically distributed, you may need to transport certificates. You can email the root CA certificate with only its public key. Do not email any certificate with its private key.

You can also use the Certificate Wizard to create a root CA and server certificates, however, if you are new to certificate management, work through the individual steps using the Certificate Management tool. This will give you a better understanding of the steps. Then use the wizard.

Related Links

  • PKI certificates
  • Certificate stores
  • Creating certificate storage
  • Certificate Wizard
  • Creating a root CA certificate
  • Creating a server certificate and CSR (Certificate Signing Request)
  • Signing a server certificate
  • Matching a server certificate with its signed CSR
  • Changing TLS settings
  • Importing the root certificate into a platform/station User Trust Store
  • Importing the root certificate into the Workbench User Trust Store
  • Installing a root certificate in the Windows trust store
  • Importing the root certificate into the Java Control Panel
  • Exporting to back up certificates
  • Cleaning up the stores
  • Verifying the certificates
  • Accepting a self-signed certificate after a change
  • System security (Parent Topic)

    • Index | Prev | Next