Accessibility Skip to content
Article ID: 000037927
Last Modified Date: 12/10/2021
Access Level: Public

MGC 7.5: Secure Socket Layer (SSL)

SSL (Secure Socket Layer) enables secure HTTP connection on MCU’s with XPEK Operating Systems with the MGC Manager, WebCommander and MGC API applications. SSL Certificate is required to enable SSL-level security for the MCU’s connection to external applications. SSL uses a third party, that is the Certificate Authority, to identify HTTP transactions and secure them using the HTTPS protocol. The SSL certificate must be obtained on first connection to the MCU. To obtain the SSL certificate:
  1. Connect to the MCU.  
  2. Right-click the unit’s icon or name, and then click Create SSL Certificate Request.

      The dialog box opens where you can enter data for the request and apply.
  3. Fill in the following information:
    Field Description
    Country Enter any 2 letter code for the country name.
    State or Province Enter the full name of the state or province.
    Locality Enter the full name of the town/city/location.
    Organization Enter the full name of your organization for which the certificate will be issued.
    Organizational Unit Enter the full name of the unit (group or division) for which the certificate will be issued.
    Common Name
    (DNS/IP)
    Enter the DNS or the IP address of the MCU.


    Enter complete information, as all fields are mandatory for the request.
  4. Click Apply.
    The new certificate request appears in the details box.

     
  5. Click Copy, then click Close.
    Alternatively, for a previously defined MCU for which SSL has been obtained before, click Get to get the latest certificate request from the MCU.  
  6. In the browser, access your preferred certificate authority (for example, http:// www.thawte.com and select from the quick login box: Certificate Status), paste the certificate request from MCU and submit. The authority issues the SSL certificate, and sends the certificate to you by E-mail.  
  7. When the E-mail with the certificate arrives from the authority, select the text and click Copy.  
  8. Back in the MGC Manager application, right-click the MCU’s icon and click Send SSL Certificate.

      The Send SSL Certificate dialog box opens.
  9. Paste the certificate’s text in the Send SSL certificate window.

     
  10. Click Send.
    The MCU validates the certificate.
    — If the certificate is not valid, the following message appears:



    — If the certificate matches the private key, and the task is completed, a message
    informs you that the certificate was created successfully.


     
  11. Reset the MCU.
    The system has access to the SSL-secured port 443.  
To enable a Mandatory and Secure connection for the MCU:
  1. Before connecting the MCU, right-click the MCU icon and click MCU Utils, then click Edit “system.cfg”.
    The SysConfig dialog box opens.  
  2. In the GENERAL section, set the following flags to:

    — SECURED_PORT_MANDATORY_FOR_API=YES
    — SECURED_PORT_MANDATORY_FOR_FILE=YES
    — PREFERRED_SECURED_PORT=443  
  3. Click OK and then reset the MCU.  
  4. Right-click the MCU icon and then clickProperties.   NOTE:
    Do not connect to the MCU. When you right-click the MCU, the MCU should be disconnected and the icon appear grey. The Properties dialog box opens.
  5. Click Advanced.  
  6. Select the Secured check box to enable mandatory security.

     
  7. Ensure that the Automatic Discovery option is deactivated (clear the check box).  
  8. The Port Number box is enabled, enter port 443 as the Port Number.  
  9. Click OK.  
  10. Connect to the MCU.
    When reconnected, the MCU uses the secured port.  
NOTE:
After reconnecting, it is recommended to change the login password. — The HTTPS protocol is indicated in the Connections list Protocol column under the MCU Configuration icon. Port 443 and the Secured (the lock) icon are indicated in the MGC Manager window’s status bar.
All software versions.