Eaton ProtoAir Start-Up Guide
Page 35 of 66
Appendix A.1.1.2. Limiting Client Access
In addition to TLS_Port parameter also add Validate_Client_Cert in the connections section of the
configuration
file and set it to “Yes”.
Connections
Adapter , Protocol
, TLS_Port
, Validate_Client_Cert
N1
, Modbus/TCP
, 1502
, Yes
The configuration above sets the FieldServer to request and verify a client’s certificate against its internal
authority file before accepting connection. By default, this means the FieldServer will only accept
connections from other FieldServers.
In order to load an authority file so that the FieldServer will accept connections from a chosen list of
remote clients, configure the FieldServer with the following connection settings:
Connections
Adapter , Protocol
, TLS_Port
, Validate_Client_Cert
, Cert_Authority_File
N1
, Modbus/TCP
, 1502
, Yes
, my_authorized_clients.pem
This configuration has the FieldServer accept connections from clients who have the correct certificate.
The authority file is a collection of client certificates in PEM format. This file can be edited using any text
file editor.
NOTE:
Cert_Authority_File is useful only if Validate_Client_Cert is set to ‘Yes’.
Appendix A.1.1.3. Upload the Authority File to the FieldServer
1. Enter the IP address of the FieldServer into a web browser.
2.
Choose the ‘Setup’ option in the Navigation Tree and Select ‘File Transfer’.
3.
Choose the ‘General’ tab.
4.
Click on the ‘Browse’ button and select the PEM file you want to upload.
5.
Click on ‘Submit’.
6.
When it says “The file was uploaded successfully”, click on the ‘System Restart’ button.