Enabling transport encryption on the CCURE 9000 proxy service - CCURE Access Control 3.8.0

CCURE 9000 Access Control Plugin Guide 3.8.0

Product
CCURE 9000 Access Control
Content type
Guides > Plugin and extension guides
Version
3.8
Release
3.8.0
Language
English
Last updated
2023-10-10

By default, communications are unencrypted for the Genetec™ Security Center - Software House CCURE 9000 Access Control Proxy Service. After putting the SSL certificate on the CCURE 9000 server, you must configure the proxy service to encrypt communications by using the GenetecCCUREPlugin certificate.

Before you begin

Create the certificate on the CCURE 9000 server.

What you should know

The proxy configuration file contains connection configurations (service bindings) for both unencrypted and encrypted communications. Only one can be enabled at a time.
IMPORTANT: The plugin server and the proxy service must both use the same type of communications; either encrypted or unencrypted. If the proxy is encrypted and the plugin server is not, the plugin cannot operate. To minimize downtime, you must update the configuration on both the proxy service and the plugin server at the same time.

Procedure

  1. On the CCURE 9000 server, find the Genetec.NextGenConnectedProgram.Plugin.Service.exe.config file.
    By default, the file is in C:\Program Files (x86)\Tyco\CrossFire.
  2. Make a backup copy of the configuration file.
  3. Open the configuration file in Notepad.
  4. Find the following line: <service name="Genetec.NextGenConnectedProgram.Plugin.Service.AccessControlService">.
    The configuration file contains two <service> tags:
    • The first <service> tag (shown in blue) provides the instructions for unencrypted communications.
    • The second <service> tag (shown in green) provides the instructions for encrypted communications and is deactivated by comment tags <!-- -->.
    The proxy service configuration file showing an active endpoint for unencrypted communications, and a commented-out endpoint for encrypted communications.
  5. Deactivate the unencrypted service instructions by surrounding the first <service and </service> tags with comment tags <!-- -->.
    Tip: The first service tag contains bindingConfiguration= "AccessControlServiceConfiguration"
  6. Enable encryption by removing the comment tags <!-- --> from the second service instructions.
    Tip: The second service tag contains bindingConfiguration="AccessControlServiceConfiguration_Encrypted"

    The following side-by-side example shows the configuration file when it is set for unencrypted communications (left) and for encrypted communications (right). The comment tags in the example are highlighted in yellow.

    The configuration file showing the proxy service in an encrypted state versus unencrypted.
  7. Save the configuration file.
  8. Restart the proxy service to apply the configuration changes.
    Open the Windows Services management console (services.msc), and then restart Genetec Security Center CCURE Proxy Service.
    IMPORTANT: All plugins in your system that are unencrypted are now unable to communicate with the CCURE 9000 server.
  9. If the proxy service does not restart, try the following:
    • Revert to the original copy of the configuration file.
    • Try changing the file again.
      Tip: Move only the comment markers and be sure they encompass the matching <service> and </service> tags only.
    • Ensure that the certificate is installed correctly on the CCURE 9000 server.
    • Make sure that the certificate is issued to GenetecCCUREPlugin.