| 1. |
What does the crypto.jar file do? |
|
The CryptoService module (crypto.jar) enables Secure Socket Layer (SSL) encryption between a NiagaraAX client (browser using the https protocol or email client) and server (remote station). |
|
| 2. |
Does the CryptoService support Transport Layer Security (TLS) and/or Simple Authentication and Security Layer (SASL)? |
|
It supports only SSL. |
|
| 3. |
Is a license to use CryptoService required in the US? |
|
A license is required to encrypt WebService communications using SSL regardless of your geographical location. |
|
| 4. |
Can I distribute the crypto.jar file to customers outside the US? |
|
You may not distribute the crypto.jar to any country on the US “banned countries” list. These include Cuba, Iran, North Korea, Sudan, and Syria. Others may be added by the US government at any time, and it is up to you to adhere to all applicable US export laws. |
|
| 5. |
How do I set up SSL for email? |
|
When setting up incoming and outgoing email accounts, you enable SSL by setting the Use Ssl property to ‘true.’ For more information, see “email-IncomingAccount” and “email-OutgoingAccount” in the NiagaraAX User Guide. |
|
| 6. |
How do I configure a station WebService for encryption? |
|
Open the platform and station; drag and drop the CryptoService module from the palette onto the station’s Services folder in the Nav tree; then, enable https communications on the WebService property sheet. For more information, see Configure CryptoService. |
|
| 7. |
Where can I find the crypto.jar? |
|
The crypto.jar is in the modules directory. If your version of NiagaraAX predates version 3.5.25.2, the crypto.jar may be a stub file, which will need to be overwritten with the crypto.jar file attached to the license email. Within Workbench, the CryptoService is located in the Palette. |
|
| 8. |
When an applet is running in a secure browser are the applet communications secure? |
|
No. CryptoService supports secure https communications, indicated by the “s” at the end of “http” and the visible lock symbol next to the URL. Secondary connections that use Wb profiles are not secure. To ensure secure communications, configure your application for Hx profiles so that the Workbench applet is not used. |
|
| 9. |
Is it possible to configure the CryptoService for EmailService only? |
|
To use CryptoService for secure email only, do not make any changes to the WebService properties. You would use this configuration if you are more concerned with securing inbound than outbound communications. |
|
| 10. |
Can I use a certificate with private and public keys that was created by a third-party utility other than Oracle’s Keytool? |
|
Yes. You can create and sign your own certificate chain using any appropriate utility. See Import a private key to a TKS Key Store for how to prepare and import the file to the Key Store. |
|
| 11. |
Can I be my own Certificate Authority? Can I use CryptoService to sign certificates? |
|
No. CryptoService cannot be used to create or sign certificates. This Engineering Note explains how to use Oracle’s Keytool and OpenSSL to manage the TKS Key Store and create certificates. You may use the NiagaraAX 3.7 (or later) SSL Toolkit to create and sign certificates for use with NiagaraAX 3.6 and earlier versions. |
Copyright © 2000-2016 Tridium Inc. All rights reserved.