/
'New' Trusted Certificate requirement (CFM 7.60)

'New' Trusted Certificate requirement (CFM 7.60)

Step-by-step guide

New behavior

Configuration Manager 7.60 by default will only trust CA signed certificates.

CM has default Access / Security set to:

  • Encrypted Communication: Required = Only HTTPS connects are permitted.
    • Other options:
    • Preferred = will suggest HTTPS first – possible to change connection method to HTTP or RCP+
    • Optional = will suggest HTTP – possible to change connect method to HTTPS or RCP+
  • Certificate requirement: Trusted = CM 7.60 only trusts CA signed Certificates.
    • Other options:
    • Valid = As long as the Certificate is valid
    • None = Does not check the certificate on the device
    • Issued by this CA = Only if CM on local PC created the CA

Changing the security requirements will change the behavior of how CM displays the connection/access. You may need to Close the application and reopen to get the new settings to take effect!

All IP Camera's Produced with FW 6.60 or newer since ~2019 come with a factory installed Device Certificate and has HTTPS set for the Usage by default.

  • These devices will automatically be trusted by CFM.
  • The device will be shown with a Green Icon.

See at the bottom for:

  • BVMS dependency
  • DIP dependency

Any additional added Certificates must be signed by a CA,


If Devices are to old to upload certificates or Device does not have a Factory installed Certificate the device will show up in RED color with an Error (pop-up message at the Icon) Remote certificate name mismatch

  • CFM offers the possibility to Add a Session Exception, this will allow continued configuring of the device till the CFM Application is closed.

After Confirming the security exception, the icon will change to Orange with an Alert



Below you see the device does not have the Factory install Device Certificate.


Below you see the same device after loading a CA signed Cert, Icon changes to Green with no Warning or Error.

  • Note My MicroCA certificate is located on my local PC (Personal Certificate Store), any other PC would not trust this.

Below you see a device that does not have any Security options - No Certificates!


BVMS Dependency:

If CFM 7.60 is installed on a PC which has BVMS Cc, the Security requirements settings of CM affect BVMS Cc behavior.

(BVMS and CM share some files ?? e.g. "AppConfig")

  • Suggest to change in CM - Encrypted Communication to Preferred

DIP Dependency:

When Encrypted Communication is set to Required, it will not be possible to configure the target (Targets do not support "HTTPS only" as they work on iSCSI only)

  • Suggest to change in CM - Encrypted Communication to Preferred


͏ ͏ Stay up to date

Get in touch

You are on

͏͏͏ ͏ Newsletter

Contact us
Support
Training

Bosch Building Technologies
Bosch worldwide>

All Bosch Apps
Apps and Tools>



© Bosch Sicherheitssysteme GmbH 2025, all rights reserved