Security Certificate
Configuration
27
BACNET-GW-3 Installation and Operation Manual – P/N LS10014-000NF-E:C6 5/5/2017
3.3 Security Certificate
The BACNET-GW-3 communicates with the browser using secure communications facilitated by a
self-signed security certificate. Using the self-signed security certificate will cause the browser to display a
warning similar to the following:
Figure 3.2 Chrome Security Warning Example
The browser warning is displayed upon each connection to the gateway. The warning may be removed by
obtaining a security certificate from a security authority.
The certificate may originate from a local
certificate authority or a commercial certificate authority if the gateway is directly connected to the Internet
with a unique IP address. Regardless of which type of certificate authority is selected, the IP address of the
gateway must be provided. The certificate is specific to the specified IP address. If the IP address is changed,
a new certificate will be required. In addition, the certificates have an expiration date. Once the certificate
expires, a new certificate needs to be sent to the gateway. If the certificate expires, a different warning is
displayed by the browser.
The security certificate must be in the PFX format. The PFX file is uploaded to the gateway using the
Tools
> Send PFX Key File
option in the gateway configuration tool. It may be necessary to install a file on each
PC used to configure the gateway to fully resolve the security configuration.
The BACNET-GW-3 includes a self-signed security certificate. The certificate is generated with a three year
expiration. In addition, the certificate is generated using the default IP address of the gateway, 192.168.1.2.
A certificate authority may be used to create a valid certificate based on the IP address of the
BACNET-GW-3. If a certificate authority is not available, a local IT administrator may use a security