Platform TLS settings
This window sets up the platformtls (niagarad) properties that provide server authentication and encryption. To access it, right-click and double-click Change TLS Settings.
| Name | Value | Description |
|---|---|---|
| State | TLS | Defaults to TLS only. |
| Port | number | The port for secure communication. Defaults to 5011 |
| Certificate Alias | text (defaults to the default self-signed
certificate) | Provides a list of available certificate aliases to choose
from. As of Niagara 4.13, the default certificate
is the self-signed certificate automatically created when you first
accessed the platform. Note: If the It
cannot be deleted and should be used for recovery purposes. The default
certificate is protected by the global certificate password. If other
certificates are in the host platform’s key store, you can select
them from the drop-down list.tridium certificate
is already used on the station or the platform runs a pre-Niagara 4.13 version, the tridium certificate is used,
but it will not serve as a recovery certificate. |
| Certificate Password | text and check box | As of Niagara 4.13, the certificate is password-protected by a unique password or the global certificate password. Prompts the user to provide the user-defined password or the global certificate password associated with the certificate. |
| Protocol | TLSv1.0+ — Includes TLS versions 1.0, 1.1, and 1.2, providing the most flexibility; TLSv1.1+ — Only TLS versions 1.1 or 1.2 are accepted; TLSv1.2+ — (default) Only TLS versions 1.2 or 1.3 are accepted; TLSv1.3 — Only TLS version 1.3 is accepted. | Defines the minimum TLS (Transport Layer Security) protocol version that the platform daemon’s secure server accepts to negotiate with a client for a secure platform connection. During the handshake, the server and client agree on which protocol to use. |
| Use Extended Master Secret | true (default) or false | Turns on and off the “Extended Master Secret” on a server. When turned off (set to false) and the platform restarts, the CPU usage does not change significantly when connecting to the Platform Administration view from a FIPS-mode Workbench. |
| TLS Cipher Suite Group | drop-down list, recommended (default) or supported | Controls which cipher suites can be used during TLS negotiation. The default is more secure than the other option (Supported) and should be used unless it causes compatibility issues with the client. |