Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84538members
353793posts

DCO Server - HTTPS and TLS1.2 - Don't works.

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

DCIM_Support
Picard
Picard
0 Likes
4
270

DCO Server - HTTPS and TLS1.2 - Don't works.

This question was originally posted on DCIM Support by Andres Cordero on 2018-11-10


Preview:

- One of the biggest national banks in our country has the DCO and DCE running in virtual servers.
- The DCO is running in version 8.0.3-66536-08cb94
- The DCE is running in version 7.6.0.114


Customer requirements:

- The customer only admits the security protocol “TLS version 1.2” and "HTTPS" in all the communication protocols.
This is mandatory in the client console - Server - webmin - applications - devices.


Remarks:

- When the DCO detects a communication with one DCE server.
It exports the information for the devices in the DCE server and also enables the possibility to associate the device with a genome in the graphical design.

- The DCO has the capability to open associated devices inside the DCE server.

- All devices inside DCE must be configurated as follow:
Web Settings: HTTPS enabled // Minimum Protocol TLS 1.2

- The DCE is capable to get access to devices with the combination previously described.
HTTPS enabled // Minimum Protocol TLS 1.2 ---------- Works!!
HTTP enabled // Minimum Protocol TLS 1.2 ---------- Works!!

- The DCO is not capable to get access to devices with the combination previously described.
HTTPS enabled // Minimum Protocol TLS 1.2 ---------- Don't Work!!
HTTP enabled // Minimum Protocol TLS 1.2 ---------- Works!!

- The DCO detect all the devices inside the DCE platform,
but It's not able to show in the respective folder 3 devices that are not associated with the DCO graphical design.

The customer requires to get access to the DCO using web security connection “https:” with port 443, also with the communication protocol TLS 1.2. (it is mandatory!).

Question:

- Why the combination HTTPS enabled // Minimum Protocol TLS 1.2 is not operational on the DCO server but It works on DCE?
- Why the devices no associated with the DCO graphical design are not showed as available in their respective folders?

(CID:134695862)

Tags (1)
4 Replies 4
DCIM_Support
Picard
Picard
0 Likes
0
271

Re: DCO Server - HTTPS and TLS1.2 - Don't works.

This comment was originally posted on DCIM Support by Jef Faridi on 2018-11-12


Hi Andres,

Can you please add some screenshots (mask sensitive data) illustrating configurations and problem(s). 

In my setups, DCO ssl encryption using TLSv1.2 and ssl (port 443) communication with DCE (as external system): works without any problem.

Kind regards

(CID:134696265)

DCIM_Support
Picard
Picard
0 Likes
0
271

Re: DCO Server - HTTPS and TLS1.2 - Don't works.

This comment was originally posted on DCIM Support by Andres Cordero on 2018-11-23


Hi,
Images attached.

(CID:136645374)

DCIM_Support
Picard
Picard
0 Likes
0
271

Re: DCO Server - HTTPS and TLS1.2 - Don't works.

This answer was originally posted on DCIM Support by Jef Faridi on 2018-11-28


Hi Andres,

From DCO side, it seems it's working as designed.

The Discovered Devices view is showing the discovered items, if the communication between your DCO and DCE is using Encryption (port 443), then that is working fine.

Right clicking to an item (in Discovered Devices) and Launch to Device may only start your default browser to initiate the log session to your device via DCE (https://<dce server IP>/privateproxy/deviceID). DCO will not be involved in that communication.

 

You have also asked "Why the devices no associated with the DCO graphical design are not showed as available in their respective folders?" can please clarify the question with some screen captures.

 

PS. It is highly recommended to consider upgrading the product to latest release version (currently DCO 8.2.12), which contains many enhancements including security updates. 

Kind regards

(CID:137105007)

DCIM_Support
Picard
Picard
0 Likes
0
271

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.