SimplySNAP BMS Gateway/ProtoAir Start-up Guide
Page 42 of 52
Appendix B.1.1.2 Limiting Client Access
In addition to TLS_Port parameter also add Validate_Client_Cert in the connections section of the
configuration file and set it to “Yes”.
Connections
Adapter , Protocol
, TLS_Port
, Validate_Client_Cert
N1
, Modbus/TCP
, 1502
, Yes
The con
figuration above sets the FieldServer to request and verify a client’s certificate against its internal
authority file before accepting connection. By default, this means the FieldServer will only accept
connections from other FieldServers.
In order to load an authority file so that the FieldServer will accept connections from a chosen list of remote
clients, configure the FieldServer with the following connection settings:
Connections
Adapter , Protocol
, TLS_Port
, Validate_Client_Cert
, Cert_Authority_File
N1
, Modbus/TCP
, 1502
, Yes
, my_authorized_clients.pem
This configuration has the FieldServer accept connections from clients who have the correct certificate. The
authority file is a collection of client certificates in PEM format. This file can be edited using any text file
editor.
NOTE: Cert_Authority_File is useful only if Validate_Client_Cert is set to ‘Yes’.
Appendix B.1.1.3 Upload the Authority File to the FieldServer
1. Enter the IP address of the FieldServer into a web browser.
2.
Choose the ‘Setup’ option in the Navigation Tree and Select ‘File Transfer’.
3.
Choose the ‘General’ tab.
4.
Click on the ‘Browse’ button and select the PEM file you want to upload.
5.
Click on ‘Submit’.
6. When the message
“The file was uploaded successfully” appears, click on the ‘System Restart’
button.