Certificate-based management protocol

The certificate-based management protocol provides secure communication between the Scout Server and devices via end-to-end encryption with TLS 1.2.

Starting with Scout 15 2107, only devices with eLux RP 6.2 or later are supported. For further information, see Compatibility client platform and Scout Enterprise Management Suite in the Whitepaper Releases, Lifecycles and Compatibility.

The certificate-based encryption of the management protocol is carried out via a self-signed certificate automatically generated by the Scout service. Alternatively, you can use a CA certificate that must be configured on the Scout Server.

For the encrypted communication with the Scout Server, port 22125 is used.1 Up to version Scout 15 2107, devices with earlier eLux versions could be used via port 22123 with AES-256 encryption.

For TLS 1.2 communication, the following requirements must be met:

• On the devices, the trust level must be specified by using TlsVerifyOption. By default, the trust level is set to 0 and the certificate check is disabled.

  For further information, see Configuring the trust level on the devices.

• If you are using a certificate issued by a CA (instead of self-signed), the certificate must be provided in the form of a pfx or pem file on the Scout Server. Note that the certificate must not be password-protected. The devices must be equipped with the corresponding root certificates.

  For further information, see Configuring Scout Server for communication via CA certificates.

To check the communication via TLS, view the eluxd.log log file of the Scout Server service.