Requesting BACnet/SC certificates - Metasys - LIT-12013959 - 13.0

BACnet/SC Workflow Technical Bulletin

Document type
Technical Bulletin
Document number
Revision date
Product status

Use the BACnet/SC Management feature that is part of Metasys UI or Johnson Controls System Configuration Tool (JCT) to manage your certificates.

Important: Before you complete these steps, ensure that there is no existing Certificate Signing Request (CSR) pending. A new CSR voids any BACnet/SC certificates that were previously requested. This could be frustrating to the customer, as they may have to pay twice for new certificates.

To request certificates from the BACnet/SC Management window, complete the following steps:

  1. Click the Devices tab, if it is not already open.
  2. Select one or more devices that you want to request a certificate for. To see a full list of devices click FILTER > Network Device > All Devices.
    Note: You can select a maximum of 50 devices at a time.
  3. Click ACTIONS > Request Certificate(s).
  4. If you select devices that already have a Certificate Signing Request (CSR) pending, choose to overwrite or keep the existing CSR.
    Note: If you select Overwrite and proceed, you generate a new CSR, which replaces the pending CSR and invalidates any operational certificate that is based on the pending CSR. If you select Keep existing, any devices that have a pending CSR are excluded, as if they were never selected. These devices are counted in the No Action Taken results at the Confirmation stage of the request process.
  5. Complete the Request Certificates parameters and click REQUEST.
    Note: Domain Name is an optional field. You can append a domain name to the auto-generated common name. The presence of the Domain Name in the common name of the device may be required by a Public Key Infrastructure (PKI) in order for the PKI to sign the CSR. For example, if the device name is MAC00108D0B94AE and the Domain Name field is blank, the auto-generated common name in the CSR is "MAC00108D0B94AE". If you enter in the Domain Name field, the common name in the CSR is "".
  6. Click the DOWNLOAD CSR(S) button to download a .zip file that contains the CSRs. The CSRs are in a Privacy Enhanced Mail (PEM) format, each is put in their own file and all the files are zipped into a single .zip file. The .zip file is stored in the default path the browser uses, typically the Downloads folder in the users profile folder on the computer. The file name follows this format: Certificate Signing
  7. Submit the .zip file to the Certificate Authority (CA) that is responsible for signing the certificates.
    Note: There may be multiple .zip files, as one CSR covers 50 devices only.