Step 8 – Comtrol DeviceMaster NS-Link User Manual


DeviceMaster Driver User Guide: 2000595 Rev. A

Using IP Mode and Enabling SSL - 37

NS-Link Device Driver Configuration

TCP connections to TCP port 4606, on which the DeviceMaster implements
the Comtrol proprietary serial driver protocol, are encrypted using
SSL/TLS.

Since SSL/TLS cannot be used for either UDP data streams or for the
Comtrol proprietary MAC mode Ethernet driver protocol, both UDP and
MAC mode serial data transport features are disabled.

In addition to encrypting the data streams, it is possible to configure the
DeviceMaster so that only authorized client applications can connect using
SSL/TLS.

For this option to function, you must also Enable Secure Data Mode in the
NS-Link web page.

6. If you are using a server certificate, click the Server Certificate check box and
enter the name in the Server Certificate text box.

This is the RSA identity certificate that the DeviceMaster uses during
SSL/TLS handshaking to identify itself. It is used most frequently by SSL server
code in the DeviceMaster when clients open connections to the DeviceMaster's
secure web server or other secure TCP ports.

If a DeviceMaster serial port configuration is set up to open (as a client) a TCP
connection to another server device, the DeviceMaster also uses this certificate
to identify itself as an SSL client, if requested by the server.

7. If you are using a client certificate, click the drop list and browse to the
appropriate client certificate file.

When configured with a CA certificate, the DeviceMaster requires all SSL/TLS
clients to present an RSA identity certificate that has been signed by the
configured CA certificate. As shipped, the DeviceMaster is not configured with
a CA certificate and all SSL/TLS clients are allowed.

If desired, controlled access to SSL/TLS protected features can be configured
by uploading a client authentication certificate to the DeviceMaster.

When a CA certificate is uploaded, the DeviceMaster only allows SSL/TLS
connections from client applications that provide to the DeviceMaster an
identity certificate that has been signed by the CA certificate that was
uploaded to the DeviceMaster.

This uploaded CA certificate that is used to validate a client's identity is
sometimes referred to as a trusted root certificate, a trusted authority
certificate, or a trusted CA certificate. This CA certificate might be that of a
trusted commercial certificate authority or it may be a privately generated
certificate that an organization creates internally to provide a mechanism to
control access to resources that are protected by the SSL/TLS protocols.

To control access to the DeviceMaster's SSL/TLS protected resources you
should create your own custom CA certificate and then configure authorized
client applications with identity certificates signed by the custom CA
certificate.

8. Click Apply or Ok to save the change and close the Comtrol Drivers
Management Console.

9. You may need to perform some of the following tasks to complete the
configuration process.

- Configure device properties, see Configuring Device Properties on Page 38.
- Configure COM port properties, see Configuring COM Port Properties on Page 41.
- Configure any of the DeviceMaster ports as sockets, see Configuring DeviceMaster Ports as Sockets on Page 50.
- Enable Secure Data Mode in the NS-Link web page, see Enabling Secure Data Mode on Page 51.
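
The custom CA approach recommended in step 7, as an added example that is not part of the Comtrol manual: an OpenSSL shell script that creates a private CA, issues an RSA client identity certificate from it, and uses `openssl verify` as an offline stand-in for the check the DeviceMaster applies to connecting clients. The file names, subject names and scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Comtrol manual. File names, subject names and
# the scratch directory are assumptions made for illustration.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the run does not depend on system defaults.
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF

make_ca() {        # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$WORK/pki.cnf" -extensions v3_ca -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_client() {   # $1 = client file prefix and CN, $2 = signing CA prefix
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -sha256 -days 365 \
        -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
        -extfile "$WORK/pki.cnf" -extensions v3_client \
        -out "$WORK/$1.crt" 2>/dev/null
}

# The acceptance rule the manual describes: the client's identity certificate
# must be signed by the CA certificate uploaded to the DeviceMaster.
is_authorized() {  # $1 = uploaded CA prefix, $2 = client prefix
    openssl verify -purpose sslclient -CAfile "$WORK/$1.crt" \
        "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca site-ca "Example Site CA"     # site-ca.crt is what gets uploaded
make_ca other-ca "Unrelated CA"       # stands in for any other issuer
issue_client driver-host site-ca      # authorized client application
issue_client stranger other-ca        # certificate from the other issuer

for c in driver-host stranger; do
    if is_authorized site-ca "$c"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
```

Only the CA certificate is uploaded to the DeviceMaster; the CA private key stays offline, and each authorized client application is configured with its own key and signed certificate.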
