Open the DeviceMaster Port Configuration page using one of these methods:
Web browser: Open your web browser and enter the DeviceMaster IP
PortVision DX: if necessary, start PortVision DX, right-click the DeviceMaster that you want to
configure, and click the Webpage button.
Click Port | Port x for which you want to configure.
If connecting an RS-422 or RS-485 serial device to this port, select the appropriate
setting from the Mode drop list.
If necessary, set additional Serial or Advanced parameters to match your serial device.
Click the Enabled in the
TCP Connection section.
Optionally, click Clone Settings to All Serial Ports if you want to set up all of the DeviceMaster
serial ports with the same serial characteristics.
You will need the DeviceMaster IP address and the TCP port number associated with the
specific physical serial port in order to configure the secure COM port redirector.
Repeat as necessary on additional serial ports.
Click Network | Security.
Click Enable Secure Data Mode
so that TCP connections that carry
data to/from the serial ports are encrypted using SSL or TLS security protocols.
If this is enabled the following DeviceMaster features are disabled:
The Pepperl+Fuchs Comtrol, Inc. proprietary MAC mode Ethernet driver protocol used in NS-Link
and both UDP and MAC mode serial data transport
The e-mail feature in SocketServer
The RFC1006 features in SocketServer
Click Enable Secure Config Mode if you want to provide this
level of security, which disables the following features:
Telnet access to administrative and diagnostic functions is disabled. SSH access is still allowed.
Unencrypted access to the web server via port 80 (http:// URLs) is disabled.
Encrypted access to the web server via port 443 (https:// URLs) is still allowed.
Administrative commands that change configuration or operating state
which are received using the Pepperl+Fuchs Comtrol, Inc. proprietary TCP driver protocol on TCP port 4606 are ignored.
Administrative commands that change configuration or operating state that are
received using the Pepperl+Fuchs Comtrol, Inc. MAC mode proprietary Ethernet protocol number 0x11FE are ignored.
If necessary, click Enable Telnet/ssh.
If desired, click Enable Monitoring Secure Data via Telnet/SSH,
Select the Minimum Allowed SSL/TLS Version.
If desired, configure the Allow TCP connections only from the address blocks below option.
Click the Save button.
Click the Keys/Certs page.
If required, configure the
RSA key pair used by SSL and SSH servers option.
This is used to sign the Server RSA Certificate in order to verify that the
DeviceMaster is authorized to use the server RSA identity certificate. Possession of the private
portion of this key pair allows somebody to pose as the DeviceMaster If the Server RSA Key is to be replaced, a corresponding RSA identity certificate
must also be generated and uploaded or clients are not able to verify the identity certificate.
Click Browse to locate the server RSA key.
If required, configure the RSA Server Certificate used by SSL servers option to identity certificate
that the DeviceMaster uses during SSL/TLS handshaking to identify itself.
It is used most frequently by SSL server code in the DeviceMaster when clients open connections to the
DeviceMaster's secure web server or other secure TCP ports. If a DeviceMaster serial port
configuration is set up to open (as a client) a TCP connection to another server device,
the DeviceMaster also uses this certificate to identify itself as an SSL client if requested by the server.
In order to function properly, this certificate must be signed using the Server RSA Key.
This means that the server RSA certificate and server RSA key must be replaced as a pair.
Click Browse to locate the RSA server certificate.
If required, configure the DH Key pair used by SSL servers option to enter the private/public key
pair that is used by some cipher suites to encrypt the SSL/TLS handshaking messages.
Possession of the private portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS
connections that use DH encryption during handshaking.
If required, configure the Client authentication certificate used by SSL servers option to upload the
Client Authentication Certificate.
If a CA certificate is uploaded, the DeviceMaster only allows SSL/TLS connections from client
applications that provide to the DeviceMaster an identity certificate that has been signed by the
CA certificate that was uploaded to the DeviceMaster.
This uploaded CA certificate that is used to validate a client's identity is sometimes referred to
as a "trusted root certificate", a "trusted authority certificate", or a "trusted CA certificate".
This CA certificate might be that of a trusted commercial certificate authority or it may be a privately
generated certificate that an organization creates internally to provide a mechanism to control
access to resources that are protected by the SSL/TLS protocols.
To control access to the DeviceMaster's SSL/TLS protected resources you should
create your own custom CA certificate and then configure authorized client applications with
identity certificates signed by the custom CA certificate.
Click Browse to locate the Client Authentication Certificate.
After completing the key and certification management,
Click System | Reboot for the changes to take affect.
Install the secure port redirector.