Manage BACnet/SC networks
In order to manage BACnet/SC networks, devices and their certificates, click on More ▸ Manage BACnet/SC Networks in the sidebar on the left.
You will see a list of all your different BACnet/SC networks on the left.
Create BACnet/SC network
If you don’t have a network yet, click on Add Network in the toolbar at the top of the sidebar. Enter a name for the new network. This name is only used to identify the network in the sidebar.
Then select a primary and failover hub in the dropdowns below. Only Beetle devices can be assigned, and both hubs have to be configured for a valid network.
Note that the devices have to be configured correctly as primary and failover hub, respectively. To do that, you need to go to the configuration interface of the Beetle by clicking on Go to Device and then on the button Open Device Homepage on the General card. Change the Node Type on the primary hub to Primary Hub and the Node Type on the failover hub to Failover Hub. You can find more information on the BACnet configuration in the Beetle manual.
After creating a new network, the primary and failover hub will appear in the list on the right. You can now start to add other devices (nodes) to the network and to create certificates for them.
Add device and create certificates for it
In order to get a certificate for a device, you need to create a certificate signing request (CSR). If you already have one, you can skip the next paragraph.
1. Create CSR
If you don’t have a CSR yet, you need to go to the configuration interface of the Beetle by clicking on your user name on the top right, then on Devices, select the Beetle from the device list and click on the button Open Device Homepage on the General card. If you you’re unable to connect to the Beetle that way, you can connect to it directly via Ethernet. On the Beetle interface, log in with your Beetle login, select BACnet in the sidebar on the left. Click on Settings…. Make sure that Communication mode is set to SC (or IP and SC) and that BACnet/SC is configured correctly. Then click on Create CSR… and fill out the form to create a new signing request. This will create a CSR file. Save this file on your computer. Once you created the CSR, you can click on Download CSR to download it again later.
Warning
Note that when you create a new CSR, the private key on the Beetle changes, which means any previously created CSR will no longer work with that Beetle.
Also note the Device ID, which you will need in the next step as well. Keep this page open, as you will need to get back to it after you created the certificates in the next step.
2. Add device to network
If you have a CSR file, click on Add Device at the top right. Enter the BACnet device ID. If you’re adding a Beetle, this is the Device ID that is displayed on the Beetle user interface as described in step 1. Then enter a representative label for the device, for example the device name. This label is just used to identify the device in the list and is not going to be visible to other devices.
Click on the Certificate Signing Request field and select the CSR from your computer. Then click on Generate. This will generate a ZIP file containing the issuer certificate and the operational certificate. Save this file on your computer and extract the two certificates.
3. Install certificates on device
You now need to install the certificates on the device itself. Go back to the user interface of your device and upload the two certificates.
The fields should usually be called Certificate and CA Certificate, or Operational Certificate and Issuer Certificate, respectively.
For example, if you want to install the certificates on a Beetle, go back to the Beetle interface from step 1.
Then upload the .crt
file under Certificate, and the .ca
file under CA Certificate, respectively.
Make sure you also configured the primary and failover hub URIs correctly, and save the changes by clicking on OK.
The certificates are now installed and the device should be able to establish a secure connection to the BACnet/SC network.
Certificate status
The status of individual certificates are displayed in the two columns Operational Certificate Status and Issuer Certificatus Status, respectively.
Operational Certificate Status
Operational Certificate Status |
Description |
---|---|
Installed |
The certificate is installed and valid. |
Expired |
The installed certificate has expired and needs to be replaced manually. |
Expires Soon |
The installed certificate is about to expire. The system will try to renew it automatically if the device is accessible. Otherwise, the user needs to renew the certificate manually. |
Missing |
No certificate is installed. |
Unknown |
The status of the certificate could not be determined. |
Issuer Certificate Status
Issuer Certificate Status |
Description |
---|---|
Installed |
The certificate is installed and valid. |
Installed (Renewal in Progress) |
A new certificate has been installed. All devices in the network need to update to this new certificate to ensure further communication with the BACnet/SC network. The status will automatically change to Installed if all devices have updated to the new issuer certificate. |
Missing |
No certificate is installed. |
Unknown |
The status of the certificate could not be determined. |
Renew certificates
As soon as you have installed the initial certificates on your devices, the system will try to automatically renew them if they are about to expire. There is usually no action required from your part, unless a certificate expired while the device was offline and it could not renew it.
To manually renew the operational certificate of a device, click on the Renew Certificate icon on respective device.
If the system can no longer connect to the device (for example, because the current operational certificate or the issuer certificate expired), you’ll have to remove the device from the BACnet/SC network by clicking on Remove Device and set up the device and its certificates from scratch according to the instructions above.