Installation Instructions

34 Administrating the SCADA Gateway SCADA Gateway Installation and Configuration Manual
© Tait Limited May 2017
4.4 Using the Certificate from a Certification Authority (CA)
By default, the SCADA gateway generates its own self-signed certificate.
This provides privacy by allowing traffic to be encrypted, but does not
provide authentication. The result is that your browser displays a warning
when connecting to the WebUI. A user can bypass the warning but this calls
into question the point of having a high security system.
So, for maximum security we recommend the use of a certificate generated
and signed by an external authority trusted by the browser.
The SCADA gateway allows you to upload a certificate generated by a
trusted authority. For use on a public network this certificate may be
obtained from a commercial provider. For use on a private network a
certificate may be generated using the network’s own certificate authority.
This authority’s certificate must be added to each browser’s list of trusted
authorities.
If the CA requires a Certificate Signing Request (CSR), this can be
generated as follows:
(In the following instructions, the hostname assigned to the SCADA
gateway is assumed to be scadagw-1.orgname.com.)
1. Connect to the SCADA gateway via SSH as the taitnet user (see
Section 4.1).
2. Enter the following command to generate the CSR file based on the
server's existing private key file:
openssl req -new -key /home/taitnet/scadagw/ssl/server.key -out /home/taitnet/scadagw/logs/scadagw-1.orgname.com.csr
3. There are various prompts for information. The most critical item is
the common name. This must match the web address used to access
the server, i.e. if the WebUI is accessible via
https://scadagw-1.orgname.com:17443, then the common name should be
entered as scadagw-1.orgname.com.
4. The CSR is now available for download from the SCADA gateway
WebUI. Select Files > Logs, and click on the required filename to
download it.
5. Send the CSR to the CA and they will return a certificate (.crt) file
that can be uploaded to the server.
6. Once the CSR file has been downloaded it can be deleted from Files
> Logs. Simply check the box at the beginning of the CSR file’s row
and click Delete.
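
The following checks are an added example, not part of the original manual. They confirm that the CSR was built from the server's private key and carries the expected common name before it is sent to the CA, and that the certificate the CA returns belongs to that key and covers the gateway hostname before it is uploaded. The function names check_csr and check_cert are hypothetical, and the openssl command-line tool is assumed to be available where the key file can be read.

```sh
# Added example, not from the manual. check_csr and check_cert are
# hypothetical helper names; run them wherever the key file is readable.

# check_csr KEY CSR HOST - run before sending the CSR to the CA (step 5).
check_csr() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$csr_pub" ]; then
        echo "CSR was not generated from $1" >&2; return 1
    fi
    # RFC2253 output is "subject=CN=host,O=..." across OpenSSL versions.
    cn=$(openssl req -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$3" ]; then
        echo "common name '$cn' does not match '$3'" >&2; return 1
    fi
}

# check_cert KEY CRT HOST - run on the .crt file returned by the CA,
# before uploading it to the gateway.
check_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not belong to $1" >&2; return 1
    fi
    # -checkhost tests the names the certificate carries
    # (subjectAltName entries first, then the common name).
    if ! openssl x509 -in "$2" -noout -checkhost "$3" 2>&1 |
            grep -q 'does match'; then
        echo "certificate does not cover '$3'" >&2; return 1
    fi
}

# Usage with the paths and hostname from the steps above:
#   check_csr /home/taitnet/scadagw/ssl/server.key \
#       /home/taitnet/scadagw/logs/scadagw-1.orgname.com.csr \
#       scadagw-1.orgname.com
```

Both functions return 0 on success and print the reason to standard error on failure.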