Security

Warning

The CCM ensures that you do not turn off port 80 without testing your certificate. If you turn off port 80 without ensuring that you can reach the CCM using port 433 it is possible to get locked out of your CCM. If this happens, you must reset the Base Station from the front panel menus. This will remove all configuration, including network details from your Base Station.

Note:Some knowledge of certificate authorization and HTTPS is needed when setting up a secure connection between a PC hosting the Core Configuration Manager (CCM) and a Base Station.
Note:Each browser type (for example, Safari, Chrome, Edge, Firefox) uses its own method for certificate management. These methods can change with time and is beyond the control of Clear-Com. Please refer to the instructions supplied with your browser if you require more information.

The following are some of the main security features.

Secure HyperText Transfer Protocol (HTTPS)

HTTPS is an adaptation of the HTTP protocol. It protects against an intermediary being able to intercept data between devices, using data encryption and Public Key Cryptography to create a secured channel.

Using HTTPS

When using the CCM to establish your intercom setup, you might wish to protect your login credentials and configuration details from unauthorized interference. In this case you will establish an encrypted connection between the CCM and your Base Station using the Force HTTPS feature.

The Force HTTPS Feature

The Base Station uses port 80 (HTTP) and port 433 (HTTPS) for management. If you wish to create a secured route for data between the CCM and the Base Station you must:

  • Install a security certificate

  • Turn off port 80, forcing traffic to use port 433

This creates a certified and encrypted connection between the Base Station and the PC accessing the CCM.

Forcing HTTPS

  1. Chose and install a security certificate on the PC or browser used to reach the CCM of the Base Station. Clear-Com offers a choice of 3 different types of certificate, offering different levels of security.

  2. Test the certificate by trying to reach the CCM on the HTTPS port. Type: HTTPS:// device IP address in the browser URL field and press the [Enter] key.


    To enable Force HTTPS in the CCM navigate to: Hardware > Resources > Host Cog button > Security and click to enable Force HTTPS. This turns port 80 off, forcing traffic to use port 433.

    security page

Using Security Certificates

There are three types of security certificate available. Choose the certification option that best suits your security requirements:

  • A certificate of your own choosing (full chain and private key)

  • An EasyDNS authorized certificate for *.clearcomdevices.com (this option requires you to register your Base Station with a DNS server) and cannot be used unless your Base Station has internet access

  • The Clear-Com self-signed certificate

More detail about certificates:

  1. A certificate of your own choosing. This option gives you complete control over the security of your Base Station. This option requires specialized knowledge about how to obtain a fullchain certificate and private key, and how to install them on your browser. When using your own certificate you might have to provide a DNS server address and register the Base Station.

  2. The EasyDNS certificate. This is a commercial certificate. When using the EasyDNS certificate you have to have a DNS server address for Base Station registration and a gateway for your device in order for the browser to verify the certificate with AlphaSSL and GlobalSign.

  3. The Clear-Com self-signed certificate (default). This certificate can be used in a private network (does not require Internet access to verify the certificate). It can also be used to perform an initial test of your security setup. Warning: Browsers can be configured to trust the self-signed certificate, but this process will vary between browsers.