To be your own CA, you will need a root certificate, possibly one or more intermediate certificates, and a server certificate for every Supervisor and JACE in the network. The private key of your root certificate will be used to sign any intermediate certificates, whose private keys, in turn, will be used to sign your server certificates. Before you begin, consider these questions.
How many intermediate certificates do you need? You might break them down by geography or department. Using intermediate certificates improves security. If one key is compromised, only the compromised chain is at risk. The rest of your network remains secure.
How many Supervisor stations do you have?
How many JACEs do you have?
Can the Supervisor and JACE platform/stations use the default server certificate with the 1024-bit key pair, or do you need to create a more secure key pair for each?
Creating a certificate chain of trust also involves setting up the Workbench, Supervisor and JACE Key and Trust Stores. What to import into each entity depends on the function of the entity. As noted in NiagaraAX’s client/server architecture, a given entity may serve as a client or a server. For an illustration of what goes in each store, see About the certificate creation and signing process.
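The chain of trust described above, sketched with the OpenSSL command line instead of Workbench (an added example, not Tridium's procedure or code). The names (Example Root CA, the east and west intermediates, jace-east-01) are constructed, and 2048-bit RSA is an assumed choice for the "more secure key pair"; the check trusts only the root and shows that a server certificate validates only through the intermediate that signed it.

```shell
# Added example: all names (Example Root CA, east/west, jace-east-01) are constructed.
# mkcert NAME SUBJECT EXT_SECTION [ISSUER]: 2048-bit key + cert; self-signed if no issuer.
mkcert() {
  openssl genrsa -out "$1.key" 2048 2>/dev/null || return 1
  openssl req -new -key "$1.key" -subj "$2" -out "$1.csr" 2>/dev/null || return 1
  if [ -n "$4" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.crt" -CAkey "$4.key" -CAcreateserial \
      -sha256 -days 365 -extfile ext.cnf -extensions "$3" -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -sha256 -days 3650 \
      -extfile ext.cnf -extensions "$3" -out "$1.crt" 2>/dev/null
  fi
}

# build_pki DIR: root -> {east, west} intermediates -> one server cert under east.
build_pki() (
  mkdir -p "$1" && cd "$1" || exit 1
  cat > ext.cnf <<'EOF'
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[intermediate]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  mkcert root "/CN=Example Root CA" root &&
  mkcert east "/CN=Example East Intermediate" intermediate root &&
  mkcert west "/CN=Example West Intermediate" intermediate root &&
  mkcert jace-east-01 "/CN=jace-east-01.example.test" server east
)

# chain_ok DIR CERT INTERMEDIATE: trust only the root; offer one intermediate.
chain_ok() (
  cd "$1" || exit 1
  openssl verify -CAfile root.crt -untrusted "$3.crt" "$2.crt" 2>&1 | grep -q ': OK$'
)

# key_bits DIR CERT: print the size in bits of the certificate's public key.
key_bits() {
  openssl x509 -in "$1/$2.crt" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

d=$(mktemp -d) && build_pki "$d" &&
chain_ok "$d" jace-east-01 east && echo "east chain OK, $(key_bits "$d" jace-east-01)-bit key"
chain_ok "$d" jace-east-01 west || echo "west intermediate: no path to the root"
```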
Copyright © 2000-2014 Tridium Inc. All rights reserved.