Bosch Building Technologies

    Showing results for 
    Search instead for 
    Did you mean: 

    'New' Trusted Certificate requirement (CFM 7.60)

    Step-by-step guide


    New behavior


    Configuration Manager 7.60 by default will only trust CA signed certificates.



    CM has default Access / Security set to:

    • Encrypted Communication: Required = Only HTTPS connects are permitted.
      • Other options:
      • Preferred = will suggest HTTPS first – possible to change connection method to HTTP or RCP+
      • Optional = will suggest HTTP – possible to change connect method to HTTPS or RCP+
    • Certificate requirement: Trusted = CM 7.60 only trusts CA signed Certificates.
      • Other options:
      • Valid = As long as the Certificate is valid
      • None = Does not check the certificate on the device
      • Issued by this CA = Only if CM on local PC created the CA

    Changing the security requirements will change the behavior of how CM displays the connection/access. You may need to Close the application and reopen to get the new settings to take effect!

    All IP Camera's Produced with FW 6.60 or newer since ~2019 come with a factory installed Device Certificate and has HTTPS set for the Usage by default.

    • These devices will automatically be trusted by CFM.
    • The device will be shown with a Green Icon.

    See at the bottom for:

    • BVMS dependency
    • DIP dependency


    Any additional added Certificates must be signed by a CA,



    If Devices are to old to upload certificates or Device does not have a Factory installed Certificate the device will show up in RED color with an Error (pop-up message at the Icon) Remote certificate name mismatch

    • CFM offers the possibility to Add a Session Exception, this will allow continued configuring of the device till the CFM Application is closed.


    After Confirming the security exception, the icon will change to Orange with an Alert



    Below you see the device does not have the Factory install Device Certificate.



    Below you see the same device after loading a CA signed Cert, Icon changes to Green with no Warning or Error.

    • Note My MicroCA certificate is located on my local PC (Personal Certificate Store), any other PC would not trust this.


    Below you see a device that does not have any Security options - No Certificates!



    BVMS Dependency:

    If CFM 7.60 is installed on a PC which has BVMS Cc, the Security requirements settings of CM affect BVMS Cc behavior.

    This is valid for BVMS 11.0 "my test" and older - (BVMS and CM share some files ?? e.g. "AppConfig")

    • Suggest to change in CM - Encrypted Communication to Preferred

    DIP Dependency:

    When Encrypted Communication is set to Required, it will not be possible to configure the target (Targets do not support "HTTPS only" as they work on iSCSI only)

    • Suggest to change in CM - Encrypted Communication to Preferred


    Version history
    Last update:
    ‎03-16-2023 08:43 AM
    Updated by: