Index | Prev | Next

Configuring secure platform communication

Platform and station security are independent of one another. The system defaults to enabling secure communication for both platform and station. Configuring a platform (Niagarad) for secure communication (platformtls) involves confirming the port, selecting the signed server certificate to use, and, if required, restricting the TLS protocol version.
A station's window into the platform-resident secure communication features is just like any other Platform Service under the station's Platform Administration node in the Nav tree. This means that anything configured for a platform is independent of whatever station is running. Follow this procedure for the Supervisor and all remote controller platforms.
Perform the following steps:
  1. Double-click Platform, double-click Platform Administration and click Change TLS Settings.

    The Platform TLS Settings window opens.

    Image

    The following settings are available:

    • State: TLS only. This is the required, and only, option for the JACE-9000. On the JACE-8000, this can be changed to Enable or Disable.
    • Daemon HTTPS Port: 5011. This is the required setting for the JACE-9000. On the JACE-8000 this can be changed to 3011.
    • Certificate Alias: default. If you are using a separate certificate for verifying niagarad communication, this is where you select the certificate which is already imported into the Certificate Management User Trust Store.
    • Certificate Password: The password protects the certificate with a unique password or you can use the global certificate password (check box) to prompt the user to provide and verify this credential.
    • Protocol: TLSv1.2+. This can be set to another version via the drop-down list or set during the certificate generation process.
       NOTE: TLSv1.0 and TLSv1.1 are still supported for backwards compatibility, but it is recommended to use TLSv1.2 and higher. 
    • Use Extended Master Secret: This is an enhanced security option available with TLS. Choose to use this option (True) or not use (False).
    • TLS Cipher Suite Group: Choose an option to control which cipher suites can be used during TLS negotiation. The Recommended option is more secure than Supported and should be used unless it causes compatibility issues with the client.

  2. Configure the properties as needed and click Save.

Related Links

  • Secure communication (Parent Topic)

    • Index | Prev | Next