Enabling transport encryption on the CCURE 9000 Access Control plugin role - CCURE Access Control 3.8.0

CCURE 9000 Access Control Plugin Guide 3.8.0

Product
CCURE 9000 Access Control
Content type
Guides > Plugin and extension guides
Version
3.8
Release
3.8.0
Language
English
Last updated
2023-10-10

By default, plugin communications are unencrypted. To enable encryption for the CCURE 9000 Access Control plugin, you must change the configuration file on the Security Center server that hosts the plugin role.

What you should know

  • This procedure is required for servers that host the CCURE 9000 Access Control plugin role, including a failover server, but not Security Desk workstations.
  • The plugin configuration file contains instructions for both unencrypted and encrypted communication. Only one type of communication can be enabled at a time.
IMPORTANT: The plugin and the proxy service must both be encrypted or both unencrypted. If the proxy is encrypted and the plugin server is not, the plugin cannot operate. To minimize downtime, update the configuration files on the proxy server and plugin server at the same time.

Procedure

  1. On the plugin server, find the Genetec.Plugins.CCURE.dll.config file.
    By default, the file is in C:\Program Files (x86)\Security Center Plugins\CCURE\Plugin.
  2. Make a backup copy of the configuration file.
  3. Open the configuration file in Notepad.
  4. Find the following line:<endpoint address="net.Tcp://localhost:5645/Genetec/CCUREAccessControl".
    The configuration file contains two <endpoint> tags:
    • The first <service> tag (shown in blue) provides the instructions for unencrypted communications.
    • The second <service> tag (shown in green) provides the instructions for encrypted communications and is deactivated by comment tags <!-- -->.
    The plugin configuration file showing an active endpoint for unencrypted communications, and a commented-out endpoint for encrypted communications.
  5. Deactivate the first service instructions by surrounding the <endpoint and </endpoint> tags with a comment tag <!-- -->.
    Tip: The first endpoint tag contains bindingConfiguration="IAccessControlService".
  6. Remove the comment tags <!-- --> from the second service instructions.
    Tip: The second endpoint tag contains bindingConfiguration="IAccessControlService_Encrypted".

    The following side-by-side example shows the configuration file when it is set for unencrypted communications (left) and for encrypted communications (right). The comment tags in the example are highlighted in yellow.

    The configuration file showing the plugin in an encrypted state versus unencrypted.
  7. Save the configuration file.
  8. To apply the changes, in Config Tool, deactivate the CCURE 9000 Access Control plugin role, and then re-activate it.