Importing BACnet/SC operational certificates - Metasys - LIT-12013959 - 13.0

BACnet/SC Workflow Technical Bulletin

Document type
Technical Bulletin
Document number
Revision date
Product status

Use the BACnet/SC Management feature that is part of Metasys UI or Johnson Controls System Configuration Tool (JCT) to manage your certificates.

Note: Normally, when you import a certificate to a device that already has one, the new certificate will be signed by the same CA as the old certificate and no special steps are needed. This is because the expiration time period on a CA certificate is 20 or more years. However, if the certificate to be imported has been signed by a new CA, the new CA should be distributed to every device that is using BACnet/SC on the site prior to importing any certificates signed by it. This is to prevent communication disruption between devices that will not trust the new CA. If you want to import a certificate to a device that is talking BACnet/IP, you can either put the CA down first by importing the signing certificate or just perform the import of the operational certificates, as this automatically adds the CA if it does not exist on the device yet.
To import operational certificates, complete the following steps:
  1. Click the IMPORT OPERATIONAL CERTIFICATE(S) button in the upper right of the BACnet/SC Management widget.
  2. Click Choose File and go to the .zip file that you want to import.
    Note: The .zip file can contain a maximum of 50 operational certificates. The import fails if the number of operational certificates in the .zip file exceeds 50.
  3. Confirm that the file is from a trusted source and click IMPORT AND APPLY. Certificates that pass the validation checks are then automatically assigned to the specified device.
  4. Wait about 30 seconds before you set the communication mode to Secure Connect Only Mode.