TLS is the abbreviation for Transport Layer Security and enables an encrypted connection between two IT systems. The method is always the same, regardless of whether it is communication between a web browser and a server, two infrastructure devices, or an infrastructure device and a server. During a handshake, it is verified that the sender and receiver are who they claim to be. Both endpoints then encrypt their communication with the certificates available.
Since the endpoints make themselves known to each other during this process, it is more difficult for a hacker to interfere with the communication and manipulate it.
How a certificate works
In principle, an SSL certificate always consists of two parts: a public key and a private key. The private key is used to encrypt data, and the public key is used to decrypt it. The public key part is handed over to the respective recipient upon request after the handshake.
From this point, several different scenarios are possible:
- The certificate is valid.
- The certificate is invalid, revoked, or damaged.
- The certificate is expired.
- The certificate is valid in principle, but its authenticity cannot be confirmed.
- …
How the communication continues from here often depends on the individual configuration of the communication partners:
SSL/TLS Web browser message: "Your communication is not safe"
This message appears because RCCMD ships its own factory default certificate for the web interface, which fulfills several attributes:
- Valid time stamp
- Not revoked by a CA
- Fully functional
- In principle valid…
However, since it is an in-house certificate, it carries no signature that could confirm to the web browser that it is communicating with exactly the RCCMD server it claims to be.
This is exactly what the web browser complains about: it announces that there may be a theoretical threat. A user must confirm this notification and actively continue to the web interface. The web browser will then show the web interface, but will also keep showing the hint about an unsafe web space.
Newer versions of RCCMD provide a convenient method to upload a valid company certificate as a standard PEM file.
Under Network Configuration, select the file and click Upload.
RCCMD will automatically import and activate the new certificate. If the notice still appears, it simply means that the web browser has found something wrong with the new certificate.
Note:
A complete tutorial on creating PEM files can be found in the following article: Creating a certificate and key
Communication RCCMD <-> CS141 does not work as expected
Even though everything was set up correctly, RCCMD seems to simply refuse to communicate.
There are basically two options that affect RCCMD:
1. SSL/TLS is not enabled consistently on both (or all) endpoints of a connection:
"Accept only TLS connections" must be set to the same value, either ON or OFF, on all endpoints. Otherwise one of the two sides will communicate unencrypted, which the other side will consequently reject.
At RCCMD:
At your CS141 WEBMANAGER:
2. Certificates are not synchronized
This file can be found in the RCCMD installation folder:
This is not the PEM file for the web interface, but the certificate for communication CS141 <-> RCCMD or other RCCMD installations in your network. In order to use TLS / SSL communication, the certificate must be identical for all participants - if you have changed it, you must do the same for all other participants.
Exchange with RCCMD
Rename the rccmd.pem to rccmd.pem1 and copy your certificate as a PEM file to this location. Rename your PEM file to rccmd.pem. Restart RCCMD.
Exchange with a CS141
Rename your PEM file to rccmd.pem and drag the file into the prepared box. Press Upload. The CS141 will automatically upload and activate the file.
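To check after an exchange that every participant really holds the same certificate, the PEM files can be compared by the content of their blocks rather than byte by byte, so that different line endings, line wrapping, or block order do not cause false mismatches. The following is an added example, not part of RCCMD or the CS141; the endpoint names and PEM contents are constructed placeholders, and it assumes you have collected the text of each participant's rccmd.pem yourself.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_fingerprints(pem_text):
    """Return {(label, SHA-256 of the decoded block)} for every PEM block."""
    prints = set()
    for label, body in PEM_BLOCK.findall(pem_text):
        # Drop all whitespace so CRLF/LF and line width do not matter.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.add((label, hashlib.sha256(der).hexdigest()))
    if not prints:
        raise ValueError("no PEM blocks found")
    return prints

def compare_endpoints(files):
    """files: {endpoint name: PEM text}. Group endpoints holding the same material."""
    groups = {}
    for name, text in files.items():
        groups.setdefault(frozenset(pem_fingerprints(text)), []).append(name)
    return sorted(sorted(names) for names in groups.values())

def in_sync(files):
    """True only if every endpoint holds identical certificate/key blocks."""
    return len(compare_endpoints(files)) == 1

def _pem(label, data, width=64, eol="\n"):
    """Build a PEM block from raw bytes (used only for the constructed samples)."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return eol.join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

# Constructed placeholder bytes, not real certificates or keys.
CERT_A, KEY_A = b"constructed-cert-A" * 10, b"constructed-key-A" * 10
CERT_B, KEY_B = b"constructed-cert-B" * 10, b"constructed-key-B" * 10
SAMPLE = {  # hypothetical endpoint names
    "rccmd-host-1": _pem("CERTIFICATE", CERT_A) + _pem("PRIVATE KEY", KEY_A),
    # Same material, but re-wrapped, CRLF line endings, key placed first.
    "rccmd-host-2": _pem("PRIVATE KEY", KEY_A, 76, "\r\n") + _pem("CERTIFICATE", CERT_A, 76, "\r\n"),
    "cs141": _pem("CERTIFICATE", CERT_B) + _pem("PRIVATE KEY", KEY_B),  # never updated
}

if __name__ == "__main__":
    for group in compare_endpoints(SAMPLE):
        print("same certificate material:", ", ".join(group))
    print("all endpoints in sync:", in_sync(SAMPLE))
```

More than one group in the output means at least one participant still holds a different rccmd.pem and will not be able to communicate over TLS with the others.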
v.: 2025-08-26