AMX NI-3101-SIG SSL Server Certificate Creation Procedures

NetLinx Security within the Web Server

78 NI-3101-SIG Signature Series NetLinx Integrated Controller

SSL Server Certificate Creation Procedures

Initially, a NetLinx Master is not equipped with any installed certificates. In order to prepare a Master

for later use with CA (officially issued) server certificates, it is necessary to:

 First create a self-generated certificate which is automatically installed onto the Master.

 Secondly, enable the SSL feature from the Enable Security page. Enabling SSL security

after the certificate has been self-generated insures that the target Master is utilizing a secure

connection during the process of importing a CA server certificate over the web.

A certificate consists of two different Keys:

 Master Key is generated by the Master and is incorporated into the text string sent to the CA

during a certificate request. It is unique to a particular request made on a specific Master.

 Public Key is part of the text string that is returned from the CA as part of an approved SSL

Server Certificate. This public key is based off the submitted Master key from the original

request.

 Regenerating a previously requested and installed certificate invalidates that certificate

because the Master Key has been changed.

1. Navigate to the Server Certificate page by clicking System Settings > Manage System > Server >

Create SSL Certificate to open the Server Certificate page (FIG.49).

A self-generated certificate has lower security than an external CA generated

certificate.

FIG. 49 Create an SSL Certificate dialog

Server Certificate - available actions

Contents

Main AMX Limited Warranty and Disclaimer Configuration and Firmware Update ................................................................21 NetLinx Security within the Web Server ...........................................................41 NetLinx Security with a Terminal Connection .................................................117 Page Introduction NI-3101-SIG Specifications Page NI-3101-SIG Specifications (Cont.) Page Page Installation and Upgrading Device:Port:System (D:P:S) Installation into an Equipment Rack 1. 2. 3. 4. 5. Connections and Wiring Setting the Configuration DIP Switch for the Configuration Port Program Run Disable (PRD) mode Working with the Configuration DIP switch 1. 2. 3. Configuration Port Connections and Wiring Modes and Front Panel LED Blink Patterns Modes and LED Blink Patterns Port Assignments and Functionality AXlink Port and LED Wiring Guidelines Wiring length guidelines Preparing captive wires 1. 2. 3. Wiring a power connection 1. 2. 3. Using the 4-pin mini-Phoenix connector for data and power Using the 4-pin mini-Phoenix connector for data with external power DB9 Device Port: Connections and Wiring Relay Port: Connections and Wiring Up to 8 independent external relay devices may be connected to the Relay connectors on the device. RS-232/422/485 Device Port Wiring Specifications Relay connections Input/Output (I/O) Port: Connections and Wiring IR/Serial Port: Connections and Wiring The IR/Serial connector wiring specifications are listed in the following table: I/O Port Wiring Specifications - NI-3101-SIG IR/Serial Connector Wiring Specifications (per Port) Ethernet/RJ-45 Port: Connections and Wiring The following table lists the pinouts, signals, and pairing for the Ethernet connector. 123 456 78 Ethernet LEDs FIG.11 diagrams the RJ-45 pinouts and signals for the Ethernet RJ-45 connecto r and cable. Ethernet ports used by the Integrated Controllers Ethernet Ports Used by the NetLinx Integrated Controllers Replacing the Timekeeper Battery Configuration and Firmware Update Communicating with the Master via the Program Port 7. 8. Setting the System Value 1. Page Changing the Device Address of a NetLinx Device Recommended NetLinx Device numbers Using the ID Button to Change the Controllers Device Value 1. 2. 3. Resetting the Factory Default System and Device Values Obtaining the Masters IP Address (using DHCP) Page Assigning a Static IP to the NetLinx Master Communicating with the NI Device via an IP Page Page Verifying the current version of NetLinx Master Firmware 1. 2. 3. 4. Upgrading the On-board Master Firmware via an IP 1. 2. 3. 4. 7. 8. 9. 10. 11. 12. 13. Upgrading the NI Controller Firmware via IP Page Page Page NetLinx Security within the Web Server NetLinx Security Terms Accessing an Unsecured Master via an HTTP Address 1. 2. 3. 4. Browser Application Frames Default Security Configuration Page Master Firmware Security Access Parameters Web Control Managing WebControl Connections Security Features Manage WebControl Connection Page Features Security - System Level Security page System Level Security Page System Level Security Page (Cont.) Setting the system security options for a NetLinx Master 1. 2. 3. 4. 5. 6. ICSP Authentication Security - Group Level Security page Configure Group Properties Page Page Page Security - User Level Security page Configure User Properties Page Adding a new User 1. 2. 3. 4. 5. Page System Settings System Settings - Manage System page Manage System Page Components Page Manage System Page Components (Cont.) Manage System - System Menu Buttons Page Page 7. 8. 9. 10. 11. Page Setting up and removing a Diagnostic Filter 1. 2. 3. 4. Diagnostic Configuration Dialog (Cont.) 5. 6. Setting the Masters Port Configurations Manage System - Server 3. 1. frame). SS SS SS SS SS Modifying the Server Port Settings 1. dialog seen above in FIG.47. 2. 3. Enabled checkbox and then entering a value within the Port N umb er field . Server Port Settings 4. button and reconnect to the Master. 5. Server Port Settings (Cont.) SSL Server Certificate Creation Procedures 1. Server Certificate Entries Page Page Page Common Steps for Requesting a Certificate from a CA Page 11. Server - Importing a CA created SSL Certificate 1. 2. 3. 4. Manage System - Device Menu Buttons 4. 5. 6. 7. 8. 9. Page 10. 11. 4. Device Menu - Changing the Device Number 1. 2. Page System Settings - Manage License Adding a new license 1. 3. 2. Page System Settings - Manage NetLinx Devices Manage NetLinx Devices Page (Cont.) Manage NetLinx Devices - Displaying NDP-capable devices 1. 2. Manage NetLinx Devices - Binding/Unbinding - Explained Manage NetLinx Devices - Obtaining NetLinx Device information 1. System Settings - Manage Other Devices - Dynamic Device Discovery Pages Manage Other Devices Page Page Manage Other Devices Page (Cont.) What is Dynamic Device Discovery? What is the difference between Program and Run-time defined binding? Manage Other Devices - Manage Device Bindings Configuring application-defined devices What are Application Devices and their association status? Page Page Manage Other Devices Menu - Viewing Discovered Devices Page Manage Other Devices Menu - Creating a new User-Defined Device 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 3. 4. 5. 6. How do I configure a Run-time installation 1. Accessing an SSL-Enabled Master via an IP Address 3. 1. 2. 4. 5. 6. Page Page 7. 8. 9. 10. 11. What to do when a Certificate Expires NetLinx Security with a Terminal Connection NetLinx Security Features Initial Setup via a Terminal Connection Establishing a Terminal connection via the RS-232/USB Configuration Port 1. 2. 3. 4. 5. 6. 2. 3. 4. Option 1 - Set system security options for NetLinx Master (Security Options Menu) Page The items in the Security Options Menu are described below: Option 2 - Display system security options for NetLinx Master Option 3 - Add user 1. create a new user account. A sample session response is: Security Options Menu 2. 3. 4. 5. 6. Option 4 - Edit User 1. 2. Edit User Menu Access Rights Menu Edit User Menu Option 5 - Delete user 1. user account and returns you to the Security Setup menu. delete an existing user account. A sample session response is: 2. Access Rights Menu Page Edit Group menu: Delete directory association 1. 2. Edit Group menu: List directory associations 1. Edit Group menu: Change Access Rights 1. 2. Edit Group menu: Display Access Rights 1. 2. Option 8 - Edit Group 1. Page Page Main Security Menu The Main Security menu is described below: Main Security Menu Default Security Configuration versions. Main Security Menu (Cont.) disabled. Help menu Type help at the prompt in the Telnet session to display the following help topics: Help Menu Options Help Menu Options (Cont.) Logging Into a Session Logout Help Security Setup Security Page Programming Converting Axcess Code to NetLinx Code Master Send_Commands Master Send_Commands (Cont.) Master IP Local Port Send_Commands Using the ID Button 1. 2. Device:Port:System (D:P:S) Configuration Port Commands Configuration Port Commands Page Page Page Page Page Page Page Page Page Page Page ESC Pass Codes Notes on Specific Telnet/Terminal Clients WindowsTM client programs Linux Telnet client LED Disable/Enable Send_Commands RS232/422/485 ports are Ports 1-6). RS232/422/485 Ports Channels THE FOLLOWING SECTIONS ONLY APPLY TO THE INTEGRATED CONTROLLER COMPONENT OF THE NI-3101-SIG. LED Send_Commands RS-232/422/485 Send_Commands RS-232/422/485 Send_Commands Page Page RS-232/422/485 Send_String Escape Sequences RS-232/422/485 Send_String Escape Sequences IR / Serial Ports Channels IR/Serial Send_Commands IR/Serial Send_Commands PORT 4 IR,CARRIER,IO LINK 0 Page Page Page Page Input/Output Send_Commands I/O ports: Port 17. Channels: 1 - 8 I/O channels. I/O Send_Commands Troubleshooting Troubleshooting Information Troubleshooting Information (Cont.)