The CryptoService feature provided by versions of NiagaraAX prior to version 3.7 was station-based. All SSL configuration properties were stored in the station database. Prior to version 3.7, CryptoService supported only SSLv3 Http communication. The Fox Service and Niagarad protocols were not protected.
The SSL Toolset is platform-based and can be configured without a running station. In addition to protecting Http, the SSL Toolset:
-
Protects Fox Service and Niagarad.
-
Provides for the creation and signing of certificates for each NiagaraAX service (Fox, Http and Niagarad).
-
Makes it possible to deny stations that are not secure.
-
Offers a choice of cryptographic protocols to use (SSL or TLS).
-
Allows any port to be changed.
If you have been using the CryptoService with a version of NiagaraAX prior to version 3.7 on a platform that supports the HotSpot VM (for example a JACE-6, JACE-7, JACE-6E, or any Windows-based host), follow this general procedure to upgrade to the SSL Toolset.
Upgrade from crypto.jar
You cannot upgrade a JACE to the SSL Toolset if it supports only the IBM J9 VM, for example, the software is running on a
JACE-2 or JACE-4/5 series controller. A station running on a JACE-2/4/5 must continue to use the CryptoService for web SSL
(Https using crypto.jar), even if it has been upgraded to NiagaraAX 3.7 Update 1 (3.7u1 or 3.7.104) or later.
-
Back up and save the station.
-
Put the platform on a safe, secure network, such as a private, closed network.
-
Right-click CryptoService in the station Services node of the Nav tree and click Delete.
-
Save the station.
-
Stop the station.
-
Remove crypto.jar from the platform using the platform Software Manager.
-
Run the platform Commissioning Wizard to upgrade the platform.
When selecting software modules, make sure that platCrypto is selected for installation.
In the initial 3.7 release (3.7.44), modules cryptoCore and daemonCrypto are also required, in addition to platCrypto. However, starting in 3.7u1 (3.7.104 or later) those two modules are included in a core .dist file for each JACE, and automatically installed in a different location than the modules folder.
When commissioning is complete, the platform reboots and the station starts. Continue with Create certificates.