Step-by-step guide

New behavior

Configuration Manager 7.60 by default will only trust CA signed certificates.

CM has default Access / Security set to:

• Encrypted Communication: Required = Only HTTPS connects are permitted.
• Other options:
• Preferred = will suggest HTTPS first – possible to change connection method to HTTP or RCP+
• Optional = will suggest HTTP – possible to change connect method to HTTPS or RCP+
• Certificate requirement: Trusted = CM 7.60 only trusts CA signed Certificates.
• Other options:
• Valid = As long as the Certificate is valid
• None = Does not check the certificate on the device
• Issued by this CA = Only if CM on local PC created the CA

Changing the security requirements will change the behavior of how CM displays the connection/access. You may need to Close the application and reopen to get the new settings to take effect!

All IP Camera's Produced with FW 6.60 or newer since ~2019 come with a factory installed Device Certificate and has HTTPS set for the Usage by default.

• These devices will automatically be trusted by CFM.
• The device will be shown with a Green Icon.

See at the bottom for:

• BVMS dependency
• DIP dependency

Any additional added Certificates must be signed by a CA,

• CFM offers a feature to use a MicroCA. See: Bosch Camera certificate in Config. Manager & WEB GUI (boschsecurity.com)

If Devices are to old to upload certificates or Device does not have a Factory installed Certificate the device will show up in RED color with an Error (pop-up message at the Icon) Remote certificate name mismatch

• CFM offers the possibility to Add a Session Exception, this will allow continued configuring of the device till the CFM Application is closed.

After Confirming the security exception, the icon will change to Orange with an Alert

Below you see the device does not have the Factory install Device Certificate.

Below you see the same device after loading a CA signed Cert, Icon changes to Green with no Warning or Error.

• Note My MicroCA certificate is located on my local PC (Personal Certificate Store), any other PC would not trust this.

Below you see a device that does not have any Security options - No Certificates!

BVMS Dependency:

If CFM 7.60 is installed on a PC which has BVMS Cc, the Security requirements settings of CM affect BVMS Cc behavior.

This is valid for BVMS 11.0 "my test" and older - (BVMS and CM share some files ?? e.g. "AppConfig")

• Suggest to change in CM - Encrypted Communication to Preferred

DIP Dependency:

When Encrypted Communication is set to Required, it will not be possible to configure the target (Targets do not support "HTTPS only" as they work on iSCSI only)

• Suggest to change in CM - Encrypted Communication to Preferred