Appendix: Certificate management and security - Metasys - LIT-12011279 - General System Information - Metasys System - 10.1

Network and IT Guidance Technical Bulletin

Brand
Metasys
Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-12011279
Version
10.1
Revision date
2019-12-20
Language
English

Follow the steps in this appendix for managing the trusted certificates on the Metasys Server or SCT computer, and for selecting security levels for the site. The Metasys server, SCT computer, and network engines are installed with self-signed certificates, which enables encrypted network communication between the devices. Optionally, the customer can deploy trusted certificates at the Metasys server or SCT computer and enable encrypted and trusted communication between the Metasys server and network engines. Trusted certificates, installed on the client computer and the Metasys SMP or SCT computer, are either provided by the customer's IT department or a Certificate Authority (CA). A security shield icon on the Metasys server or SCT login and user interface screens indicate the encryption state:

  • Green Shield: the connection is encrypted and trusted
  • Orange Shield: the connection is encrypted, but not trusted
  • Red Shield: the connection is encrypted, but the security level cannot be verified

To deploy a trusted server certificate at the Metasys server or SCT computer, follow Steps 1-3 referenced below. Then, if the IT department or CA has provided separate files for the root and intermediate certificates, follow Step 4. Also follow Step 4 if you need to establish a trusted relationship between the client computer and the Metasys server and SCT computer. If you want to establish encrypted and trusted communication between the Metasys server and network engines, follow Step 5, which explains how to set the Site Security Level. Lastly, perform Step 6 if you want to verify all certificates are in place.

  1. Requesting a server certificate
  2. Completing a server certificate request
  3. Binding the secure certificate
  4. Importing root and intermediate certificates
  5. Setting the Site Security Level to Encrypted and Trusted
  6. Verifying the server certificate chain

For details on how to remove or rebind a secure certificate, see Removing or rebinding the secure certificate. For details about how to remove a self-signed certificate from the certificate store, see Removing the self-signed certificates in the certificate store. For details about managing certificates on network engines, refer to Metasys® SCT Help (LIT-12011964) .

Lastly, this appendix describes how to use two special security attributes that you set in the site object of the Site Director: Site Security Level and Advanced Security Enabled. See the following sections for details:

Setting the Site Security Level to Encrypted and Trusted

Changing Advanced Security Enabled to False