͏ ͏ Websites worldwide

Newsletter

Contact us
Skip to end of banner
Go to start of banner

'New' Trusted Certificate requirement (CFM 7.60)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

Version 1 Current »

Article status

EXTERNAL  

Link to be provided outside of Bosch

Step-by-step guide

New behavior

Configuration Manager 7.60 by default will only trust CA signed certificates.

CM has default Access / Security set to:

  • Encrypted Communication: Required = Only HTTPS connects are permitted.
    • Other options:
    • Preferred = will suggest HTTPS first – possible to change connection method to HTTP or RCP+
    • Optional = will suggest HTTP – possible to change connect method to HTTPS or RCP+
  • Certificate requirement: Trusted = CM 7.60 only trusts CA signed Certificates.
    • Other options:
    • Valid = As long as the Certificate is valid
    • None = Does not check the certificate on the device
    • Issued by this CA = Only if CM on local PC created the CA

Changing the security requirements will change the behavior of how CM displays the connection/access. You may need to Close the application and reopen to get the new settings to take effect!

All IP Camera's Produced with FW 6.60 or newer since ~2019 come with a factory installed Device Certificate and has HTTPS set for the Usage by default.

  • These devices will automatically be trusted by CFM.
  • The device will be shown with a Green Icon.

See at the bottom for:

  • BVMS dependency
  • DIP dependency

Any additional added Certificates must be signed by a CA,


If Devices are to old to upload certificates or Device does not have a Factory installed Certificate the device will show up in RED color with an Error (pop-up message at the Icon) Remote certificate name mismatch

  • CFM offers the possibility to Add a Session Exception, this will allow continued configuring of the device till the CFM Application is closed.

After Confirming the security exception, the icon will change to Orange with an Alert



Below you see the device does not have the Factory install Device Certificate.


Below you see the same device after loading a CA signed Cert, Icon changes to Green with no Warning or Error.

  • Note My MicroCA certificate is located on my local PC (Personal Certificate Store), any other PC would not trust this.

Below you see a device that does not have any Security options - No Certificates!

BVMS Dependency:

If CFM 7.60 is installed on a PC which has BVMS Cc, the Security requirements settings of CM affect BVMS Cc behavior.

(BVMS and CM share some files ?? e.g. "AppConfig")

  • Suggest to change in CM - Encrypted Communication to Preferred

DIP Dependency:

When Encrypted Communication is set to Required, it will not be possible to configure the target (Targets do not support "HTTPS only" as they work on iSCSI only)

  • Suggest to change in CM - Encrypted Communication to Preferred



ADVANCED section

Please contact CTS / SG or GK team to view this section from draft space, if necessary


Information below is for CTS, SG, GK reference and must be kept internal only.

If you are part of CTS, SG or GK team, please hide this section when you have finished using this article!


This section will not be published externally and / or automatically downloaded in the PDF file!

  • No labels

͏ ͏ Stay up to date

Get in touch

You are on

͏͏͏ ͏ Newsletter

Contact us
Support
Training

Bosch Building Technologies
Bosch worldwide>

All Bosch Apps
Apps and Tools>

͏ ͏ Corporate information">͏ ͏ Corporate information
Legal Notice">Legal Notice
Data Protection Notice">Data Protection Notice
California Privacy">California Privacy
CCPA-and-Canadian-Privacy-Disclosure
Terms of use">Terms of use



© Bosch Sicherheitssysteme GmbH 2025, all rights reserved