Appendix: Certificate management and security - Metasys - LIT-12013222 - M4-OASHIST-0 - M4-OASMIN-0 - M4-OASMIN-6 - M4-OASMIN-SC3 - M4-OASMIN-SCS - M4-OASPPA-0 - M4-OASSCHRPT-0 - M4-OASSTD-0 - M4-OASSTD-6 - M4-OASSTD-SC3 - M4-OASSTD-SCS - Server - Open Application Server - 12.0

Guía de instalación del Servidor Abierto de Aplicaciones (OAS)

Product
Building Automation Systems > Application Servers > Open Application Server
Document type
Installation Guide
Document number
LIT-12013222
Version
12.0
Revision date
2023-02-07
Product status
Active
Follow the steps in this appendix for managing the trusted certificates on the Metasys Server or SCT computer, and for selecting security levels for the site. The Metasys server, SCT computer, and network engines are installed with self-signed certificates, which enables encrypted network communication between the devices. Optionally, the customer can deploy trusted certificates at the Metasys server or SCT computer and enable encrypted and trusted communication between the Metasys server and network engines. Trusted certificates, installed on the client computer and the Metasys SMP or SCT computer, are either provided by the customer's IT department or a Certificate Authority (CA).
Importante: Johnson Controls can assist in the assignment of certificates to Johnson Controls branded devices. However, Johnson Controls is not a Certificate Authority and does not manage certificates.

A security shield icon on the Metasys server or SCT login and user interface screens indicate the encryption state:

  • Green Shield: the connection is encrypted and trusted
  • Orange Shield: the connection is encrypted, but not trusted
  • Red Shield: the connection is encrypted, but the security level cannot be verified

To deploy a trusted server certificate at the Metasys server or SCT computer, follow Steps 1-3. Then, if the IT department or CA has provided separate files for the root and intermediate certificates, follow Step 4. Also follow Step 4 if you need to establish a trusted relationship between the client computer and the Metasys server and SCT computer. If you want to establish encrypted and trusted communication between the Metasys server and network engines, follow Step 5, which explains how to set the Site Security Level. Lastly, perform Step 6 if you want to verify all certificates are in place.

  1. Solicitud de un certificado de servidor
  2. Completar una solicitud de certificado de servidor
  3. Vinculación del certificado de seguridad
  4. Importar certificados raíz e intermedios
  5. Configuración del nivel de seguridad del sitio en cifrado y fiable
  6. Verificación de la cadena de certificados del servidor

For details on how to remove or rebind a secure certificate, see Eliminar o volver a vincular el certificado de seguridad. For details about how to remove a self-signed certificate from the certificate store, see Removing the self-signed certificates in the certificate store. For details on renewing an existing certificate, see Renewing an Existing Certificate. For details on certificates from a third-party certificate authority, see Requesting certificates from a third party certificate authority. For details about managing certificates on network engines, refer to SCT: System Configuration Tool Help (LIT-12011964).

Lastly, this appendix describes how to use two special security attributes that you set in the site object of the Site Director: Site Security Level and Advanced Security Enabled. See the following sections for details:

Configuración del nivel de seguridad del sitio en cifrado y fiable

Cambiar Seguridad avanzada habilitada a Falso