Comtrol Logo

 Active Products
 DeviceMaster FreeWire
 DeviceMaster LT
 DeviceMaster PRO/RTS/Serial Hub
 DeviceMaster UP
 DeviceMaster 500
 RocketLinx
 RocketModem IV
 RocketPort EXPRESS
 RocketPort EXPRESS SMPTE
 RocketPort INFINITY
 RocketPort Universal PCI
 RocketPort uPCI Plus
 RocketPort uPCI SMPTE
 RocketPort uPCI 422
 RocketPort 550 uPCI
 RocketPort USB Serial Hub II & III
 Troubleshooting
 Comtrol .iso Files
 Beta Files
 Obsolete/Legacy Files
 BroadPort 550
 DeviceMaster
 DeviceMaster AIR
 DeviceMaster ATS-LNX
 DeviceMaster ATS-NTe
 DeviceMaster ATS-XPe
 DeviceMaster Primo
 DeviceMaster PRO/RTS/Serial Hub
 Device Drivers
 Firmware
 Installation Overview
 Hardware Installation
 Program IP Address
 Firmware Procedures
 NS-Link Drivers
 Secure Port Redirector
+Configure Web Page
 Install Port Redirector
 Configure Ports
 PortVision Plus and Utilites
 Secure Port Redirector
 Supporting Documents
 Troubleshooting
 DeviceMaster 500
 Hostess Family
 RocketModem
 RocketPort
 RocketPort Serial Hub & RocketPort USB Serial Hub
 Smart Hostess
 Ultra 8/16-Port and MC
 VS1000/1100
 VS2000 V.34
 VS3000
 Warranty
 FTP Administrator - Report Issues

DeviceMasterConfiguring Serial Ports and Enabling Security

The first step to setting up a secure connection on the DeviceMaster is to use SocketServer to configure the serial port(s), enable the serial port(s) for Socket Mode and configure DeviceMaster security.

  1. Open the DeviceMaster Server Configuration page using one of these methods:

    • Web browser: Open your web browser and enter the DeviceMaster IP address.

    • PortVision Plus: if necessary, start PortVision Plus, right-click the DeviceMaster that you want to configure, and click Web Manager.

  2. Click the port for which you want to configure.

    [Note]
    Note

    Click the ? in a configuration area for field specific information or the Help button at the bottom of the page to view page level help.

  3. If connecting an RS-422 or RS-485 serial device to this port, select the appropriate setting from the Mode drop list.

  4. If necessary, set additional Serial configuration parameters to match your serial device.

  5. Click Enable in TCP Connection Configuration.

  6. Optionally, click Clone if you want to set up all of the DeviceMaster serial ports with the same serial characteristics.

    [Note]
    Note

    You will need the DeviceMaster IP address and the TCP port number associated with the specific physical serial port in order to configure the secure COM port redirector.

  7. Click Save.

  8. Click Ok at the Configuration Updated page.

  9. Repeat as necessary on addional serial ports.

  10. Click Configure Security.

  11. Click Enable Secure Data Mode so that TCP connections that carry data to/from the serial ports are encrypted using SSL or TLS security protocols. If this is enabled the following DeviceMaster features are disabled:

    • The Comtrol proprietary MAC mode Ethernet driver protocol used in NS-Link and both UDP and MAC mode serial data transport

    • The e-mail feature in SocketServer

    • The RFC1006 features in SocketServer

  12. Click Enable Secure Config Mode if you want to provide this level of security, which disables the following features:

    • Telnet access to administrative and diagnostic functions is disabled. SSH access is still allowed.

    • Unencrypted access to the web server via port 80 (http:// URLs) is disabled. Encrypted access to the web server via port 443 (https:// URLs) is still allowed.

    • Administrative commands that change configuration or operating state which are received using the Comtrol proprietary TCP driver protocol on TCP port 4606 are ignored.

    • Administrative commands that change configuration or operating state that are received using the Comtrol MAC mode proprietary Ethernet protocol number 0x11FE are ignored.

  13. If necessary, click Enable Telnet/ssh.

  14. If required, click Set to configure RSA key pair used by SSL and SSH servers.

    This is used to sign the Server RSA Certificate in order to verify that the DeviceMaster is authorized to use the server RSA identity certificate. Possession of the private portion of this key pair allows somebody to pose as the DeviceMaster If the Server RSA Key is to be replaced, a corresponding RSA identity certificate must also be generated and uploaded or clients are not able to verify the identity certificate.

    1. Click Browse to locate the server RSA key.

    2. Click Upload.

  15. If required, click Set to configure the RSA identity certificate that the DeviceMaster uses during SSL/TLS handshaking to identify itself.

    It is used most frequently by SSL server code in the DeviceMaster when clients open connections to the DeviceMaster's secure web server or other secure TCP ports. If a DeviceMaster serial port configuration is set up to open (as a client) a TCP connection to another server device, the DeviceMaster also uses this certificate to identify itself as an SSL client if requested by the server.

    In order to function properly, this certificate must be signed using the Server RSA Key. This means that the server RSA certificate and server RSA key must be replaced as a pair.

    1. Click Browse to locate the RSA server certificate.

    2. Click Upload.

  16. If required, click Set to enter the private/public key pair that is used by some cipher suites to encrypt the SSL/TLS handshaking messages. Possession of the private portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS connections that use DH encryption during handshaking.

  17. If required, click Set to upload the Client Authentication Certificate.

    If a CA certificate is uploaded, the DeviceMaster only allows SSL/TLS connections from client applications that provide to the DeviceMaster an identity certificate that has been signed by the CA certificate that was uploaded to the DeviceMaster.

    This uploaded CA certificate that is used to validate a client's identity is sometimes referred to as a "trusted root certificate", a "trusted authority certificate", or a "trusted CA certificate". This CA certificate might be that of a trusted commercial certificate authority or it may be a privately generated certificate that an organization creates internally to provide a mechanism to control access to resources that are protected by the SSL/TLS protocols.

    To control access to the DeviceMaster's SSL/TLS protected resources you should create your own custom CA certificate and then configure authorized client applications with identity certificates signed by the custom CA certificate.

    1. Click Browse to locate the Client Authentication Certificate.

    2. Click Upload.

  18. After completing the key and certification management, click Save.

  19. Click Reboot for the changes to take affect.

  20. If you want to configure a secure COM port, install the secure port redirector.
nice color
06/11/14Home | Comtrol Support 
Copyright © 2014 Comtrol Corporation.