Reference Guide – DOC. 7150B 3-Series Control Systems • 21
Add a Certificate
To add a certificate to a certificate store on the control system:
1. Use an SFTP or SCP client to upload the certificate file (in .cer or .pem
format) to the “\User” directory.
2. Use an SSH console or Crestron Toolbox to copy the certificate file to the
“\ROMDISK\User\Cert” directory.
3. Issue the CERTIFicate ADD Certificate_Store <Certificate_Name> <Certificate_UID> <Password> command.
   • Certificate_Store: The certificate store where the certificate file will reside [ROOT|MACHINE|USER|INTERMEDIATE|WEBSOCKET]
   • Certificate_Name: The name of the certificate file
   • Certificate_UID: The unique identifier of the certificate file
   • Password: The password for the certificate file (machine certificates only)
TLS/SSL
3-Series control systems provide support for Transport Layer Security (TLS) and
Secure Sockets Layer (SSL). TLS/SSL is a protocol that provides a secure channel
for communication between two machines. The secure channel is transparent
and passes data through unchanged. The data is encrypted between the client
and the server, but the data that one end writes is exactly what the other end
reads.
NOTE: 3-Series control systems only support TLS/SSL over TCP/IP. TLS/SSL is
set to “off” by default and is set to “self” after authentication is turned on.
To enable TLS/SSL, issue the SSL command:
• Syntax: SSL [OFF | SELF | CA] {TLSONLY | TLS1.2ONLY}
   o OFF: Turns off SSL if it is on
   o SELF: Turns on SSL using a self-signed certificate
   o CA: Turns on SSL using a CA-signed certificate
   o TLSONLY: Implies TLS 1.0, TLS 1.1, or TLS 1.2 is supported for client/server connections
   o TLS1.2ONLY: Implies that only TLS 1.2 is supported for client/server connections
   o No parameter: Displays the current setting
• Example: SSL CA TLS1.2ONLY
NOTE: When TLS/SSL is enabled, the control system uses a server certificate.
For more information, refer to “Server Certificates” on page 22.
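
One way to confirm that SSL CA TLS1.2ONLY took effect, as an added example that is not from the Crestron guide: a Python probe that attempts one handshake per protocol version and reports any version below TLS 1.2 that the control system still accepts. The address 192.0.2.10, port 443 and the function names are assumptions; certificate validation is switched off because only the protocol version is being tested.

```python
import socket
import ssl
import warnings

# Versions the SSL command's TLSONLY / TLS1.2ONLY options distinguish between.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}

def offers(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to one version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE   # so SELF and CA certificates both connect
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the local OpenSSL offer 1.0/1.1
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False

def evaluate(seen):
    """Turn {version name: accepted?} into findings; an empty list is a pass."""
    findings = [f"{name} accepted: TLS1.2ONLY is not in effect"
                for name in ("TLS 1.0", "TLS 1.1") if seen[name]]
    if not seen["TLS 1.2"]:
        findings.append("TLS 1.2 refused: SSL may be OFF or the port is wrong")
    return findings

def audit_tls12only(host, port=443):
    """Probe every version and evaluate the result."""
    return evaluate({n: offers(host, port, v) for n, v in VERSIONS.items()})

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the control system.
    for finding in audit_tls12only("192.0.2.10") or ["pass: only TLS 1.2 accepted"]:
        print(finding)
```

A clean result is only meaningful when the machine running the probe has an OpenSSL build that can still speak TLS 1.0 and TLS 1.1; otherwise those handshakes fail locally and look like refusals.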