Selecting SSL/TLS Files

Upon application installation CCA automatically generates a self-signed certificate to support HTTPS. This ensures better security as communications occurring during the CCA configuration are all encrypted.

CCA creates a new self-signed certificate at the following:

  • When no certificate configuration exists in the application configuration for a fresh installation.
  • Before any user configuration tasks.

This ensures that a fresh CCA installation can serve its UI/API through HTTPS immediately without user configuration.

Customer Provided SSL/TLS Server Certificate and Key

A user can provide two files to configure CCA's SSL/TLS Server Certificate and Key. The user is required to choose each file through the provided web UI.

CCA settings SSL and TLS files

Key

*.KEY is the private key that is stored as PEM or DER (binary), and both PEM and PKCS#8 DER can protect the key with password-based encryption or be left unencrypted. Currently this type of password-protected key file is not supported by CCA.

Certificate

*.CRT encoding are PEM or DER (binary). A certificate contains the public key but contains much more information, most importantly the signature by the Certificate Authority over the data and public key. Click Save when complete. As the new files are written within the UI, the user is automatically logged off and a browser refresh is needed to complete the process.

Siemens disclaimer

By default, CCA uses self-signed certificates to provide a minimum level of security for access to the web configuration UI out-of-the-box. Your IT security organization may require and have a process for providing certificates for use with your networking infrastructure. Consult your internal IT security specialists for information regarding the use of certificates in your organization.

Configuring a BACnet network adapter

To support MSIB, CCA allows you to configure a BACnet network adapter. First, click the arrow icon to open the configuration interface.

CCA settings for BACnet server IP

A view to the BACnet server IP info opens.

CCA BACnet server information
  1. Choose a BACnet Network IP Adapter (1) from the drop-down list.
  2. Select the corresponding Network IP Address (2).
  3. Select the Network UDP Port (3).
  4. Click Save to complete the adapter configuration.

Click Save (4). MSiB restarts in the background. The CCA UI displays notification that CCA is waiting for MSiB to restart.

CCA Waiting for MSIB

MSiB restarts, the message disappears, and control is returned to the user.

Downloading CCA log files

CCA creates two application log files for troubleshooting and analysis purposes.

Click the download Log button to download the log files from the settings interface.

Download Log button

On completion the files are available for review.