Edit security configuration page – Comtrol Modbus TCP User Guide User Manual


58 - Chapter 3. Embedded Configuration Pages

DeviceMaster UP Modbus/TCP User Guide: 2000447 Rev. I

3.8. Edit Security Configuration Page

You can use the Edit Security Configuration page to configure security on the DeviceMaster UP.

Edit Security Configuration Page

Enable Secure Data Mode (Default = Disabled)

If Secure Data Mode is enabled, TCP connections that carry data to/from the
serial ports are encrypted using SSL or TLS security protocols. This includes
the following:

- TCP connections to the per-serial-port TCP ports (default is 8000, 8001,
  8002, ...) are encrypted using SSL/TLS.

- TCP connections to TCP port 4606 on which the DeviceMaster UP
  implements the Comtrol proprietary protocol are encrypted using SSL/TLS.

In addition to encrypting the data streams, it is possible to configure the
DeviceMaster UP so that only authorized client applications can connect
using SSL/TLS.

See 3.8.1. Client Authentication on Page 59 for more information.

Enable Telnet/ssh (Default = Enabled)

This option enables or disables the telnet security feature after you click Save
and the DeviceMaster UP has been rebooted.

Enable SNMP (Default = Enabled)

This option enables or disables the SNMP security feature after you click Save
and the DeviceMaster UP has been rebooted.

RSA Key pair used by SSL and SSH servers

This is a private/public key pair that is used for two purposes:

- It is used by some cipher suites to encrypt the SSL/TLS handshaking
  messages. Possession of the private portion of this key pair allows an
  eavesdropper to decrypt traffic on SSL/TLS connections that use RSA
  encryption during handshaking.

- It is used to sign the Server RSA Certificate in order to verify that the
  DeviceMaster UP is authorized to use the server RSA identity certificate.

Note: Possession of the private portion of this key pair allows somebody to pose
as the DeviceMaster UP.

If the Server RSA Key is to be replaced, a corresponding RSA identity
certificate must also be generated and uploaded, or clients will not be able to
verify the identity certificate.
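
An added example, not part of the Comtrol guide: a check that the ports listed under Enable Secure Data Mode answer a TLS ClientHello with a TLS record once the setting has been saved and the unit rebooted. It reads only the record header, so the result does not depend on the probe and the device agreeing on a protocol version. The host address you pass in and the count of four serial ports are assumptions.

```python
import socket
import ssl

# Ports named on the page: per-serial-port data ports (default 8000, 8001,
# 8002, ...) and 4606 for the Comtrol proprietary protocol.
DEFAULT_PORTS = (8000, 8001, 8002, 8003, 4606)  # four serial ports assumed


def client_hello() -> bytes:
    """Build a genuine TLS ClientHello in memory, without network I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probe only: the handshake is never completed
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    try:
        ctx.wrap_bio(incoming, outgoing).do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued and OpenSSL waits for a reply
    return outgoing.read()


def classify(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'tls', 'not-tls', 'silent' or 'closed' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    head = b""
    with sock:
        try:
            sock.sendall(client_hello())
            while len(head) < 3:
                chunk = sock.recv(3 - len(head))
                if not chunk:
                    break
                head += chunk
        except OSError:  # includes timeouts: nothing (more) came back
            pass
    if not head:
        return "silent"  # accepted the bytes but answered nothing
    # TLS record header: content type 0x16 (handshake) or 0x15 (alert),
    # followed by protocol major version 3 (SSL 3.0 through TLS 1.3).
    if len(head) == 3 and head[0] in (0x15, 0x16) and head[1] == 3:
        return "tls"
    return "not-tls"


def audit(host: str, ports=DEFAULT_PORTS, timeout: float = 3.0) -> dict:
    """Classify every port; with Secure Data Mode on, open ports should be 'tls'."""
    return {port: classify(host, port, timeout) for port in ports}
```

A port reported as 'silent' accepted the ClientHello without replying, which is consistent with an unencrypted port passing the bytes straight through to the serial line.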
