Non- Secure Connections; Secure Connections Configuration; Security Certificate Configuration; Menu Options - ABB AWT420 Manual

8 AW T4 2 0 U N I V E R S A L 4 - W I R E , D U A L- I N P U T T R A N S M I T T E R | C O M/A W T4 2 0/ E T H E R N E T- E N R E V. C
...5 Configuration

Non- secure connections

To establish a non-secured connection, the AWT420 Ethernet
must be configured as follows:
• Secure Connection must be set to Disabled
• Port Number must be set to 80 (HTTP)
To connect to the device, open a web browser and in the
address bar type:
http://<IP Address>
Refer to Figure 4. In this example. IP Address is set to the value:
10.0.0.1:
Figure 4 Example of URL to be used for non-secure connection
Secure Connection, Port Number and IP Address configuration
parameters are explained on page 7, Ethernet Menus.

Secure connections configuration

To establish a secure connection over SSL/TLS, it is necessary
for a server to prove its identity. The AWT420 achieves this by
using asymmetric cryptography, also known as public key
cryptography. A private/public key pair is created, with the
private key maintained secret and the public key freely
distributed. When a client wants to establish a secure
connection with a server, it requests the server a file known
as ̕ d igital certificate̕ .
This document contains, among other information:
• the name of the device
• certificate creation and expiration dates
• the server's public key
• a certificate hash encrypted with the server's private key
(digital signature)
Upon reception of the digital certificate, the client tries to
decrypt the signature to retrieve the original certificate hash
and compare it with the locally calculated hash. If the
comparison operation is successful, it constitutes proof of
identity of the server, because the signature could be encrypted
only with the private key associated to the public key
distributed with the certificate. However, the AWT420 supports
self-signed certificates. This means the web browser raises a
warning to indicate it cannot verify the authenticity of the
certificate.
The user must ensure the network is secure and there are no
intrusions. The user must add an exception to the list of servers
it trusts as, from this moment onwards, the warning is not
raised again. The procedure to add web server exception is
explained on page 11 in Web Browser first connection.
Security Certificate configuration menu options
Refer to page 7 for Security Certificate menu options.

Certificate management and storage

The AWT420 has an on-board HSM (Hardware Security Module)
which performs the following functions:
• creation of self-signed certificates
• secure private and public key pair creation and storage
• secure certificate storage
• digital signatures creation and verification
There are two different phases in the device service life
regarding the security certificates:
• provisioning
• certificate renewal