Configuring secure platform communication

Platform and station security are independent of one another. By default, the system enables secure communication for both platform and station. Configuring a platform (niagarad) for secure communication (platformtls) involves confirming the port, selecting the signed server certificate to use, and, if required, restricting the TLS protocol version.

A station's view of the platform-resident secure communication features is like any other Platform Service under the station's Platform Administration node in the Nav tree. This means that anything configured for a platform applies regardless of which station is running. Follow this procedure for the Supervisor and all remote controller platforms.
  1. Double-click Platform, double-click Platform Administration and click Change TLS Settings.
    The Platform TLS Settings window opens.

    The following settings are available:
    • State: TLS only. This is the required, and only, option for the JACE-9000. On the JACE-8000, this can be changed to Enable or Disable.

    • Daemon HTTPS Port: 5011. This is the required setting for the JACE-9000. On the JACE-8000 this can be changed to 3011.

    • Certificate Alias: default. If you are using a separate certificate for verifying niagarad communication, this is where you select that certificate, which must already be imported into the Certificate Management User Trust Store.

    • Certificate Password: Protects the certificate with a unique password, or you can use the global certificate password (check box), which prompts the user to provide and verify this credential.

    • Protocol: TLSv1.2+. This can be set to another version via the drop-down list or set during the certificate generation process.
      Note: TLSv1.0 and TLSv1.1 are still supported for backwards compatibility, but it is recommended to use TLSv1.2 and higher.

    • Use Extended Master Secret: This is an enhanced security option available with TLS. Set it to True to use this option or to False to not use it.

    • TLS Cipher Suite Group: Choose an option to control which cipher suites can be used during TLS negotiation. The Recommended option is more secure than Supported and should be used unless it causes compatibility issues with the client.

  2. Configure the properties as needed and click Save.
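
After saving, the Protocol setting can be checked from an administrator workstation. The following is an added example, not part of the product documentation: it attempts one handshake per TLS version against the daemon port and compares the result with the TLSv1.2+ setting described above. The function names, the host argument and the default port of 5011 are assumptions of this example.

```python
import socket
import ssl
import sys

# Protocol versions the Protocol drop-down distinguishes between.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def probe(host, port, version, timeout=5.0):
    """Return True if the daemon completes a handshake pinned to `version`."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Probe only: no data is sent, so certificate validation is skipped.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # Let the local OpenSSL offer legacy versions; some builds still refuse,
        # in which case "rejected" reflects this client, not the platform.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):  # ssl.SSLError is a subclass of OSError
        return False


def audit(accepted):
    """Findings for a platform whose Protocol setting is TLSv1.2+."""
    if not any(accepted.values()):
        return ["no handshake succeeded: check State and Daemon HTTPS Port"]
    findings = [f"{name} accepted, but Protocol is TLSv1.2+"
                for name in ("TLSv1.0", "TLSv1.1") if accepted.get(name)]
    if not (accepted.get("TLSv1.2") or accepted.get("TLSv1.3")):
        findings.append("neither TLSv1.2 nor TLSv1.3 accepted")
    return findings


if __name__ == "__main__":
    host = sys.argv[1]  # platform address, supplied by the operator
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5011
    results = {name: probe(host, port, v) for name, v in VERSIONS.items()}
    for name, ok in results.items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
    problems = audit(results)
    sys.exit("\n".join(problems) or 0)
```

Run it with the platform address as the first argument and, for a JACE-8000 using the alternative port, 3011 as the second.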