Setting up a secure port
The BACnet ScPort component uses a client certificate (operational certificate) to initiate hub connections with a primary or failover hub
or to initiate direct connections with other BACnet/SC nodes. This procedure sets up the security in a single remote controller
(node). Each individual device on your BACnet network also requires secure communication. Refer to the device manufacturer’s
documentation to configure devices that do not run
Prerequisites: You configured the local device for this remote controller. You are working in
- To add the secure port, open the bacnet palette, expand the NetworkPorts folder in the palette, add an ScPort to the Network Property Sheet, enter a name for this ScPort in the Name window that opens, and click OK.The system adds the ScPort component to the Property Sheet.
- Double-click the port you just added, configure the
Network Numberand click Save. - To assign the operational (client) certificate, expand , select the certificate’s alias from the
Aliasdrop-down list and provide the certificate’s associated password, which is either the unique password or the global certificate password. - To assign an issuer certificate (CA), expand Issuer Certificate1, click the folder icon to the right of
Issuer Certificate, use the File Chooser to select the exported public certificate for the Secure Connect site CA certificate and click Open.An issuer certificate is an exported Secure Connect site CA certificate without its private key. This certificate verifies a remote device’s authenticity when it makes a connection to the hub. - To specify the behavior of the node that hosts the hub towards incoming and outgoing direct connections, expand Node Switch.The Node Switch properties expand.
- Set
Accept Enabledand theInitiateEnabledas needed and click Save.SettingAccept Enabledtotruetriggers theFault Causeto report No BACnet/SC user associated with this link layer. - To associate a user, right-click HubFunction and select