Change TLS Settings window

This window provides access to the primary TLS settings.
Figure 59.   Platform TLS Settings with default values (enabled)
Properties Value Description
State Disabled, Enabled, or Tls Only Specifies how Workbench clients connect to this host’s platform daemon.
  • Disabled — Secure platform connections not possible (only regular platform connections).
  • Enabled — Secure platform connections permitted, as well as regular platform connections.
  • Tls Only — Only secure platform connections are allowed. Any attempt to connect without security goes unresolved (errors out).

    This state is reflected among the properties listed on the main Platform Administration view, as the “Platform TLS Support” state.

     
    NOTE: The Tls Only option provides the best security. In Niagara 4, all platforms support secure (TLS) platform connections, even a freshly “clean disted” controller.
     
Port four-digit number (default is 5011) Identifies the software port monitored by the platform daemon for a secure platform connection. This is different than the default HTTP port (3011) for a regular platform connection that is not secure.
 
CAUTION: If there is a firewall on the host (or its network), before changing this port make sure that the firewall will allow traffic to the new port.
 
Certificate text (default is the tridium self-signed certificate)

The alias for the server certificate in the platform’s key store to use for any platformtls connection. The default is automatically created when Niagara is first loaded. If another certificate has been imported in the platform’s key store, use the drop-down control to select it instead.

Certificates on the platform are managed via the platform Certificate Management view. For general information, see the Station Security Guide.

Protocol TLSv1.0+, TLSv1.1+, or TLSv1.2 Defines the minimum TLS (Transport Layer Security) protocol version that the platform daemon’s secure server accepts to negotiate with a client for a secure platform connection. During the handshake, the server and client agree on which protocol to use.
  • TLSv1.0+ — (default) Includes TLS versions 1.0, 1.1, and 1.2, providing the most flexibility.
  • TLSv1.1+ — Only TLS versions 1.1 or 1.2 are accepted.
  • TLSv1.2 — Only TLS version 1.2 is accepted.
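
One way to confirm from the network that the Protocol setting took effect, as an added example that is not part of the Niagara documentation: it attempts one handshake per TLS version against the secure platform port and maps the result to the three Protocol values described above. The function names are hypothetical, and the host given on the command line is whichever controller you administer.

```python
import socket
import ssl
import sys

DEFAULT_PORT = 5011  # default secure platform port given on this page
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, version, port=DEFAULT_PORT, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The default certificate is self-signed, so verification is skipped; the
    # probe only negotiates a protocol version and sends no credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Assumption: the local OpenSSL build still ships TLS 1.0/1.1. They sit
    # below the default security level, so lower it for this probe only.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return False

def protocol_setting(accepted):
    """Map accepted version names to the Protocol value they imply."""
    if "TLSv1.2" not in accepted:
        return "unknown"  # unreachable, State is Disabled, or wrong port
    if "TLSv1.0" in accepted:
        return "TLSv1.0+"
    if "TLSv1.1" in accepted:
        return "TLSv1.1+"
    return "TLSv1.2"

def audit(host, port=DEFAULT_PORT, probe=accepts):
    """Probe each version; return (implied Protocol setting, accepted list)."""
    accepted = {n for n, v in VERSIONS.items() if probe(host, v, port)}
    return protocol_setting(accepted), sorted(accepted)

if __name__ == "__main__":
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_PORT
    setting, seen = audit(sys.argv[1], target_port)
    print(f"accepted={seen} implied Protocol setting={setting}")
```

A result of `TLSv1.0+` after the setting was changed to `TLSv1.2` means the change has not taken effect; a result of `unknown` means no TLS 1.2 handshake completed, so check the State and Port values first.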