Comtrol DeviceMaster PRO Installation And Configuration Manual page 46

Configuring Serial Ports and Enabling Security
46 - Secure COM Port Set Up
want to configure the secure COM port redirector.
7. Click Save.
8. Click Ok at the Configuration Updated page.
9. Click Configure Security.
10. Click Enable Secure Data Mode so that TCP connections that carry data to/from the
serial ports are encrypted using SSL or TLS security protocols. If this is enabled the
following DeviceMaster features are disabled:
• The Comtrol proprietary MAC mode Ethernet driver protocol used in NS-Link and
both UDP and MAC mode serial data transport
• The e-mail feature in SocketServer
• The RFC1006 features in SocketServer
11. Click Enable Secure Config Mode if you want to provide this level of security, which
disables the following features:
• Telnet access to administrative and diagnostic functions is disabled.
• SSH access is still allowed.
• Unencrypted access to the web server via port 80 (http:// URLs) is disabled.
Encrypted access to the web server via port 443 (https:// URLs) is still allowed.
• Administrative commands that change configuration or operating state which are
received using the Comtrol proprietary TCP driver protocol on TCP port 4606 are
ignored.
• Administrative commands that change configuration or operating state that are
received using the Comtrol MAC mode proprietary Ethernet protocol number
0x11FE are ignored.
12. If necessary, click Enable Telnet/ssh.
13. If required, click Set to configure RSA key pair used by SSL and SSH servers.
This is used to sign the Server RSA Certificate in order to verify that the DeviceMaster
is authorized to use the server RSA identity certificate. Possession of the private
portion of this key pair allows somebody to pose as the DeviceMaster If the Server
RSA Key is to be replaced, a corresponding RSA identity certificate must also be
generated and uploaded or clients are not able to verify the identity certificate.
a. Click Browse to locate the server RSA key.
b. Click Upload.
14. If required, click Set to configure the RSA identity certificate that the DeviceMaster
uses during SSL/TLS handshaking to identify itself.
It is used most frequently by SSL server code in the DeviceMaster when clients open
connections to the DeviceMaster's secure web server or other secure TCP ports. If a
DeviceMaster serial port configuration is set up to open (as a client) a TCP connection
to another server device, the DeviceMaster also uses this certificate to identify itself
as an SSL client if requested by the server.
In order to function properly, this certificate must be signed using the Server RSA
Key. This means that the server RSA certificate and server RSA key must be replaced
as a pair.
a. Click Browse to locate the RSA server certificate.
b. Click Upload.
15. If required, click Set to enter the private/public key pair that is used by some cipher
suites to encrypt the SSL/TLS handshaking messages. Possession of the private
portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS
connections that use DH encryption during handshaking.
16. If required, click Set to upload the Client Authentication Certificate.
DeviceMaster Installation and Configuration Guide: 2000506 Rev. B