1.General information
You can view information on the current certificates via
This URL is also used to generate certificates from the HS/FS and/or to upload certificates onto the HS/FS. To retrieve this page, no user details are required; the individual functions demand this however. (See certificate management)
Behaviour during initial start of the HS/FS with firmware 4.7 or higher is described here.
https://HS_IP/hscert.This URL is also used to generate certificates from the HS/FS and/or to upload certificates onto the HS/FS. To retrieve this page, no user details are required; the individual functions demand this however. (See certificate management)
Behaviour during initial start of the HS/FS with firmware 4.7 or higher is described here.
2.Server
The interfaces listed in the table are available for all the ports of secure and unencrypted communication specified in the following:
| Interface | Call |
|---|---|
| Lists | /hslist |
| Visu / Menu / Query | /hs |
| QuadClient / Apps | From app/Program |
| Certificate management | /hscert |
| Communication object gateway | /cogw |
| HSUpload area | /opt |
Permit communication via TLS v1.0
Yes: Communication via TLS v1.0, which is insecure, is possible for this port.
Default setting: No.
Default setting: No.
Note
Note that this option has to be activated when using Gira Clients 9 and 19 in conjunction with the Windows XP operating system.
Create certificate
Select the type of certificate to be used by the device here:
| Setting | Comment |
|---|---|
| Device creates certificate (with IP address as CN) | The device creates a certificate. When generating the certificate, the IP address of the HS/FS is used as Common Name (CN). Generation can be triggered again under /hscert. |
| Device creates certificate (with configured CN) | The device creates a certificate. When generating the certificate, the text entered in the Common Name (CN) field is used as Common Name (CN). Generation can be triggered again under /hscert. |
| Load certification onto the device | The option for uploading a certificate has been released. The certificate to be uploaded must be available as a .pem file and must not be password-protected. Until a certificate has been uploaded, the device uses a certificate that was created according to the "Device creates certificate (with IP address as CN)" setting. |
Common Name (CN)
This text is used if a certificate is to be generated by the HS/FS for this port with the Device creates certificate (with configured CN) option.
2nd IP port (HTTPS)
Like 1st IP port (HTTPS). However, the use of this port is optional.
Standard setting (value): deactivates (8443).
Standard setting (value): deactivates (8443).
3.Monitoring of certificates
Time (hh:mm)
Defines the time when the validity of the certificate is checked while in operation.
Default value: 00:01.
Default value: 00:01.
Generation (days before expiry)
If a certificate created by the HS/FS is only valid for the number of days specified here, a new certificate is created by the HS/FS.
The earliest possible point in time for an automatic regeneration is 90 days before expiry.
Default value: 1.
A Status object displays the difference (in days) between the current date and the next validity expiry of a certificate.
The earliest possible point in time for an automatic regeneration is 90 days before expiry.
Default value: 1.
A Status object displays the difference (in days) between the current date and the next validity expiry of a certificate.
Important
If a certificate that has not been not been generated with the HS/FS is loaded onto the HS/FS via the web interface (
https://HS_IP/hscert), this setting has no effect!