niagara-ax/stations/demo/html/aNewWorkbenchSSLcertificates.html

<!-- Htmldoc has been run -->

<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
      <title>SSL and certificate notes in AX-3.8</title>
      <link rev="made" href="documentation@tridium.com">
      <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
      <link rel="start" href="index.html" title="Demo Quick Start">
      <link rel="up" href="index.html" title="Demo Quick Start">
      <link rel="prev" href="aDemoStationSecurityNotes.html" title="Demo stations security notes">
      <link rel="next" href="aDemo38BrowserSSLaccess.html" title="Browser access notes">
      <meta name="description" content="Niagara Framework documentation">
<!-- Auto-generated style sheet link -->
<link rel='StyleSheet' href='module://bajaui/doc/style.css' type='text/css' />
   </head>
   <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

<!-- Auto-generated Header NavBar -->
<p class="navbar">
  <a href="index.html">Index</a> |
  <a href="aDemoStationSecurityNotes.html">Prev</a> |
  <a href="aDemo38BrowserSSLaccess.html">Next</a>
</p>

      <div class="section" lang="en">
         <div class="titlepage">
            <div>
               <div>
                  <h2 class="title"><a name="aNewWorkbenchSSLcertificates"></a>SSL and certificate notes in AX-3.8
                  </h2>
               </div>
            </div>
         </div><a name="d0e935"></a><p class="note" border="0" width="24"><img src="module://docUser/doc/images/note.png" alt="Note" width="24" height="24">This section explains a little more about the Workbench SSL certificate warnings seen in the section <a href="StartDemo.html">Get the Demo Up and Running</a>. Note that in AX-3.8, a few SSL-related changes were made since the releases for AX-3.7/AX-3.7u1 that affect the &#8220;demo&#8221; station,
            which are also described below.
         </p>
         <p>It is safe to &#8220;<span class="guibutton">Accept</span>&#8221; the certificate (<span class="guibutton">Identification Verification</span>) warnings seen in Workbench when following steps in this document. However, don&#8217;t assume that always accepting similar certificates
            is the correct choice. An overview with a <span class="emphasis"><em>few</em></span> background details is below. For complete details about SSL and NiagaraAX, refer to the <em class="citetitle"><a href="module://docSSL/doc/index.html">NiagaraAX SSL Connectivity Guide</a></em>.
         </p>
         <p>Since AX-3.7, NiagaraAX has included integral support for industry-standard Secure Socket Layer (SSLv3) and Transport Layer
            Security (TLSv1) protocols, via an &#8220;SSL Toolset&#8221;. Included are Workbench tools for managing PKI (Public Key Infrastructure)
            digital certificates or &#8220;self-signed&#8221; digital certificates, which are used in verifying SSL connections. When you install
            NiagaraAX on your PC, a local self-signed &#8220;<code class="literal">tridium</code>&#8221; certificate is generated, and is available for (default) local SSL usage.
         </p>
         <div class="itemizedlist">
            <ul>
               <li>
                  <p>In AX-3.7 (and AX-3.7u1), after installing NiagaraAX on your PC, you could <span class="emphasis"><em>optionally</em></span> enable SSL for your local PC platform, by making a local platform connection and accessing the <span class="guilabel">Platform Administration</span> view. By default, the &#8220;<code class="literal">tridium</code>&#8221; certificate is presented to any Workbench client that attempts an SSL platform connection.
                  </p>
               </li>
               <li>
                  <p>In AX-3.8 this changed&#8212;now when you install NiagaraAX, platform SSL is <span class="emphasis"><em>automatically enabled</em></span> for you Workbench PC platform&#8212;by default using the self-signed &#8220;<code class="literal">tridium</code>&#8221; certificate. In addition, changes were made to the standard &#8220;demo&#8221; station in AX-3.8 to enable SSL for station access (&#8220;Foxs
                     Enabled&#8221; in the station&#8217;s Fox Service), as well as SSL for browser access (&#8220;Https Enabled&#8221; in the station&#8217;s Web Service)&#8212;again,
                     (by default) both reference the self-signed &#8220;<code class="literal">tridium</code>&#8221; certificate.
                  </p>
               </li>
            </ul>
         </div>
         <p>In either case just described, when you open the<span class="emphasis"><em> first platform SSL connection</em></span> from Workbench (the client) to your local platform daemon (a server), Workbench presents a warning &#8220;<span class="guilabel">Identity Verification</span>&#8221; popup that shows you the details of your local self-signed &#8220;<code class="literal">tridium</code>&#8221; certificate.
         </p>
         <div class="itemizedlist">
            <ul>
               <li>
                  <p>If you <span class="guibutton">Accept</span>, an &#8220;allowed host&#8221; exemption is created for your Workbench (client), and you proceed to the <span class="guilabel">Authentication</span> dialog to enter your platform credentials. This warning should not appear again unless you delete the allowed host exemption,
                     or unless the certificate expires.
                  </p>
               </li>
               <li>
                  <p>If you <span class="guibutton">Reject</span>, no exemption is created, nor do you see the <span class="guilabel">Authentication</span> dialog to make a connection. Instead, an error message is generated.
                  </p>
               </li>
            </ul>
         </div>
         <p>Note this Workbench certificate warning <span class="emphasis"><em>repeats</em></span> when you open the <span class="emphasis"><em>first station SSL connection</em></span> (Foxs) to a local station&#8212;in this case to your AX-3.8 &#8220;demo&#8221; station. When you <span class="guibutton">Accept</span>, <span class="emphasis"><em>another</em></span> &#8220;allowed host&#8221; exemption is created for your Workbench client, this time for a different software port: 4911 Foxs default,
            (vs. 5011 platformssl default). Similarly, web browser access using a secure connection produces a warning in your client
            browser; see <a href="aDemo38BrowserSSLaccess.html" title="Browser access notes"><i>Browser access notes</i></a>.
         </p>
         <p>In general, usage of PKI signed certificates with NiagaraAX is recommended over the (default) self-signed &#8220;<code class="literal">tridium</code>&#8221; certificate. However, details are well outside the scope of this document. Again, refer to the <em class="citetitle"><a href="module://docSSL/doc/index.html">NiagaraAX SSL Connectivity Guide</a></em> for complete details.
         </p>
      </div>

<!-- Auto-generated Footer NavBar -->
<p class="navbar">
  <a href="index.html">Index</a> |
  <a href="aDemoStationSecurityNotes.html">Prev</a> |
  <a href="aDemo38BrowserSSLaccess.html">Next</a>
</p>

<!-- Auto-generated copyright note -->
<p class='copyright'>Copyright &copy; 2000-2013 Tridium Inc. All rights reserved.</p>

   </body>
</html>