Configuring PKI
PKI stands for Public Key Infrastructure. It provides a secure connection between the base station and the ThingPark core network, either through an IPSec tunnel or a TLS authentication & encryption layer.
Using a secure connection between the base station and the core network is a mandatory requirement for ThingPark SaaS.
For TPE SaaS: Using a secure connection between the base station and the core network is a mandatory requirement for SaaS. Therefore, TPE SaaS base station images are already configured to use IPSec.
For self-hosted TPE: It is up to the Network Administrator to decide if they want to use IPSec, TLS or simply allow direct connection if their base stations are already located in a closed LAN with the self-hosted TPE server. Therefore, self-hosted TPE base station images are configured with IPSec/TLS options disabled.
Follow these steps to edit your current PKI configuration. You may also need to do this task if you want to move your base station from one ThingPark platform to another.
From SUPLOG's root menu, choose System configuration, then PKI, then Configure PKI. A screen similar to the following example will display:
Use the <Tab> key to navigate and the <Space> key to activate IPSec if it is not already active. An active IPSec configuration is marked with [X].
Note: TLS activation is supported by SUPLOG starting from the LRR 2.8 release. For previous LRR releases, activating TLS requires a custom base station image. TLS can also be activated using the Infrastructure Commissioning Service (ICS). Please contact Actility for more information on the ICS.
Activate the SFTP option to secure the file downloads/uploads between your base station and the core network.
Set the Key Installer details. For ThingPark Enterprise deployments, refer to the following table to fill this form.
Note: Key Installer is a system component included in the ThingPark core network architecture. It provides the base station with its X.509 certificate (for IPSec or TLS modes) together with other deployment-specific configuration parameters.
| Deployment | Key installer platform | Key installer instance | Key installer server | Use auth. Keys (enable/disable Public Key Authentication) |
|---|---|---|---|---|
| TPE SaaS EU-PROD | prod-eu | actility-tpe-ope | slrc1.eu.thingpark.com | 1 |
| TPE SaaS AU-PROD | actility-au1 | actility-tpe-ope | slrc1-au1.thingpark.com | 1 |
| TPE SaaS US-PROD | prod-us | actility-tpe-ope | slrc1-us.thingpark.com | 1 |
| ThingPark Community | aws-eu-eco | actility-tpe-ope | slrc1-poc.thingpark.com | 1 |
| Self-hosted TPE | default | actility-ope | Use the public IP address (Network Server IP) configured in Cockpit (1) | 0 |

(1) For self-hosted TPE case, set the Key Installer server's IP address according to the addressing plan used for the deployment of your ThingPark Enterprise instance. The Key installer server IP should correspond to the network server IP address that you specified in Cockpit during TPE host installation.
Once you are done with your changes in this menu, click Confirm to save your configuration.
Note: At this stage, the configuration is only saved by the system, but it has not yet been applied to the base station. To learn more, see Apply/Commit/Rollback mechanism.