TLS Proxy Server – Campbell Scientific NL200/NL201 Network Link Interface User Manual

NL200/201 Network Link Interface
In order to use TLS, the user must configure the NL200/201 with a user-supplied TLS Private Key and TLS Certificate. The key and certificate are loaded using DevConfig.
Using DevConfig, navigate to the Settings Editor tab and then to the TLS tab.
• Load the user-supplied, PEM-formatted TLS Private Key using the Set TLS Key … button. A file dialog will open. Navigate to the key file and click Open.
• Load the user-supplied, PEM-formatted TLS Certificate using the Set TLS Certificate … button. A file dialog will open. Navigate to the certificate file and click Open.
• Enter the TLS Private Key Password if the TLS Private Key is encrypted. Otherwise, leave the setting blank.
• After loading the key and certificate, click the Apply button. The NL200/201 will reboot. Connect with DevConfig again and navigate to the Settings Editor tab and then to the TLS tab. The TLS Status should say Initialized.
NOTE: The TLS settings described above cannot be edited over a standard TCP DevConfig link. The TLS Private Key, TLS Private Key Password and TLS Certificate can only be edited/transmitted over a secure DevConfig link (USB or TLS).
NOTE: If the status of the TLS stack is Initialized, the NL200/201 will automatically negotiate a secure TLS connection with DevConfig as long as the Use IP Connection option is selected.
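
A pre-flight check for the key and certificate files before they are loaded through DevConfig, as an added example that is not from the manual or from Campbell Scientific: it confirms each file is PEM, that key and certificate have not been swapped, and whether the TLS Private Key Password setting should be filled in or left blank. The function names and sample data are assumptions constructed for illustration; the check inspects PEM framing only and says nothing about which key types the NL200/201 accepts or whether the key matches the certificate.

```python
import base64
import re

# PEM private-key labels -> True when the label itself means "encrypted".
KEY_LABELS = {"PRIVATE KEY": False, "ENCRYPTED PRIVATE KEY": True,
              "RSA PRIVATE KEY": False, "EC PRIVATE KEY": False}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed samples: bodies are dummy bytes, not real key or certificate data.
_BODY = base64.b64encode(b"constructed-sample-not-a-real-key").decode()
SAMPLE_PLAIN_KEY = f"-----BEGIN PRIVATE KEY-----\n{_BODY}\n-----END PRIVATE KEY-----\n"
SAMPLE_LEGACY_ENC_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    f"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n{_BODY}\n"
    "-----END RSA PRIVATE KEY-----\n")
SAMPLE_CERT = f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n"


def parse_pem(text):
    """Return [(label, headers, decoded_bytes)] for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        headers, b64 = {}, []
        for line in map(str.strip, body.splitlines()):
            if ":" in line:  # RFC 1421 style header such as Proc-Type
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
            elif line:
                b64.append(line)
        # validate=True raises binascii.Error on a corrupted or truncated body
        blocks.append((label, headers, base64.b64decode("".join(b64), validate=True)))
    return blocks


def key_password_needed(text):
    """True if the TLS Private Key Password setting must be filled in."""
    keys = [b for b in parse_pem(text) if b[0] in KEY_LABELS]
    if len(keys) != 1:
        raise ValueError("expected exactly one PEM private key block")
    label, headers, _ = keys[0]
    return KEY_LABELS[label] or headers.get("Proc-Type", "").endswith("ENCRYPTED")


def count_certificates(text):
    """Number of CERTIFICATE blocks; rejects swapped, DER or empty files."""
    labels = [b[0] for b in parse_pem(text)]
    if not labels or any(label != "CERTIFICATE" for label in labels):
        raise ValueError("file must contain only PEM CERTIFICATE blocks")
    return len(labels)
```
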
7.6.1 TLS Proxy Server
A TLS proxy server is a device that acts as a secure intermediary for requests
from clients seeking resources from other servers. A client connects to the
proxy server, requesting some service, such as a file, connection, web page, or
other resource, available from a different server. The proxy server evaluates
the request according to its filtering rules. For example, it may filter traffic by
IP address or protocol. If the request is validated by the filter, the proxy
provides the resource by connecting to the relevant server and requesting the
service on behalf of the client.
When the TLS Proxy Server function is enabled, the NL200/201’s TLS Proxy Server maintains a secure TLS connection with a remote TLS client and forwards data on to a datalogger over a standard TCP connection, thus enabling communication with TLS clients. The TLS client can be a web browser using HTTPS or another user-supplied TLS client: any client program that encrypts a standard TCP connection using TLS may be used to establish a connection with the NL200/201 TLS Proxy Server, and the NL200/201 will forward the unencrypted TCP data to a datalogger. In this way, a remote TLS client can communicate with a datalogger over TLS, with the TLS session ending at the NL200/201 and the link from the NL200/201 to the datalogger carrying unencrypted TCP.