Configuring PKI

PKI stands for Public Key Infrastructure. It provides a secure connection between the base station and ThingPark core network, either through an IPSec tunnel or a TLS authentication & encryption layer.

For TPE-SaaS Using a secure connection between the base station and the core network is a mandatory requirement for SaaS. Therefore, TPE-SaaS base station images are already configured to use IPSec.

For TPE-OCP It is up to the Network Administrator to decide if they want to use IPSec, TLS or simply allow direct connection if their base stations are already located in a closed LAN with the TPE-OCP server. Therefore, TPE-OCP base station images are configured with IPSec/TLS options disabled.


Follow these steps to edit your current PKI configuration, you may also need to do this task if you want to move your base station from one ThingPark platform to another.

  1. From SUPLOG’s root menu, choose System configuration, then PKI, then Configure PKI. A screen similar to the following example will display:

  1. Using <Tab> key and <Space> bar, activate IPSec if it is not already active. An active IPSec configuration is marked with [X].

    Note TLS activation is not supported by SUPLOG in the current release. Hence, activating TLS requires a custom base station image.

  2. Activate SFTP option to secure the file downloads/uploads between your base station and the core network.

  3. Set the Key Installer details. For ThingPark Enterprise deployments, refer to the following table.

    Note Key Installer is a system component included in ThingPark core network architecture, it provides the base station with its X.509 certificate (for IPSec or TLS modes) together with other deployment-specific configuration parameters.

      Key installer platform Key installer instance Key installer server Use auth. Keys (enable/disable Public Key Authentication)
    TPE-SaaS EU-PROD prod-eu actility-tpe-ope 1
    TPE-SaaS AU-PROD actility-au1 actility-tpe-ope 1
    TPE-SaaS US-PROD prod-us actility-tpe-ope 1
    ThingPark Community aws-eu-eco actility-tpe-ope 1
    TPE-OCP default actility-ope Use the public IP address (Network Server IP) configured in Cockpit* 0

    * For TPE-OCP case, set the Key Installer server’s IP address according to the addressing plan used for the deployment of your ThingPark Enterprise instance. The Key installer server IP should correspond to the network server IP address that you specified in Cockpit during TPE host installation.


Once you are done with your changes in this menu, click Confirm to save your configuration.

Note At this stage, the configuration is only saved by the system, but it has not yet been applied to the base station. To learn more, see Apply/Commit/Rollback mechanism.