Using https/ssl, Enabling and disabling secure access mode – Echelon SmartServer 2.2 User Manual

54

Configuring and Managing the SmartServer

Raw MD5
Authentication
Key

You can enter an MD5 authentication key to be used for authentication
when using the SmartServer as an RNI. This value must match the one
specified in the L

ON

W

ORKS

Interfaces control panel application. This box

is unavailable if you are using a Text Secret Phrase for authentication.

Note: Changing the key here is generally not necessary, as it is
automatically updated when modified in the L

ON

W

ORKS

Interfaces

control panel application (provided that the previous key was known by
the control panel, or was the default key [all zeros]).

For more information on using the SmartServer as an RNI and on the
L

ON

W

ORKS

Interfaces application, see Using the SmartServer as an RNI

in this chapter

Text Secret Phrase

You can enter a text secret phase instead of using a Raw MD5
authentication key for authentication when using the SmartServer as an
RNI. This box is unavailable if you are using a raw MD5 authentication
key for authentication.

4. Click Submit to save the changes. Click Back to leave all fields unchanged.

5. If you modified a property marked with a double asterisk (**), you must reboot your SmartServer.

See the Rebooting the SmartServer section later in this chapter for more information on how to do
this.

Using HTTPS/SSL

By default, the SmartServer includes a self-signed SSL certificate for the “SmartServer 2.2” hostname.
The name of an SSL certificate cannot match the host name; therefore, a warning will appear in your
Web browser each time you open your SmartServer if HTTPS is enabled. This SSL certificate is
included for demonstration purpose only and cannot provide secure communication.

To use HTTPS/SSL on a SmartServer, you must replace the default SSL certificate with one that has
been issued for that SmartServer (each SmartServer requires its own certificate). You can either create
a self-signed certificate and install it into your Web browser, or you can buy a direct-signed certificate
from an accredited certificate authority. The SmartServer does not support intermediate certificates;
therefore, make sure that the certificate authority issues direct signed certificates.

After receiving an SSL certificate for your SmartServer, save the private key as private_key.pem and
save the certificate as server_cert.pem, and then upload both files to the /config/certs folder on your
SmartServer flash disk.

Enabling and Disabling Secure Access Mode

You can control whether the security settings on your SmartServer can be modified via the Setup –
Security Web page. You do this by enabling and disabling secure access mode via the console
application.

To re-enable secure access temporarily, enter the enable secureaccess command. Users will
be able to access the security settings until your SmartServer is rebooted. To keep secure access mode
enabled after the next reboot, enter the enable secureaccess always console command (this
is the default secure access mode setting).

To disable secure access temporarily, enter the disable secureaccess command on the
console application. Users will not be able to access the security settings until your SmartServer is
rebooted. You can keep secure access mode disabled after the next reboot by entering the disable
secureaccess always command. You must also clear the Enable This Page Without Security
Access Reset option on the Setup - Security Web page to ensure that the security settings are
protected; otherwise, users will still be able to access them even when secure access mode is disabled.