Title:
How to Configure Secure Services (HTTPS, SSH, and RADIUS) on SAGE RTU
Issue:
Need to enable secure communication and centralized authentication on SAGE RTU for compliance and cybersecurity.
Product:
SAGE Remote Terminal Unit (RTU) All models
Environment:
- Firmware version C3414-500-S02YZ or later
- Config@WEB GUI accessible via HTTPS
- User Manager and Configuration Converter tools installed on PC (.NET Framework 3.5+)
Cause:
Default configuration may allow insecure protocols (HTTP, Telnet, FTP). Secure services must be enabled to meet security standards and prevent unauthorized access.
Resolution:
1.- Enable Secure Services via GUI:
- Navigate to CPU Configuration → Services Setup.
- Select the following options for maximum security:
-
-
- HTTPS (Port 443) for encrypted web access
- SSH Server (Port 22) for secure remote shell
- SFTP for secure file transfer
- Enable Remote Shell for VxWorks shell access
- IPsec for VPN traffic encryption
- Enable RADIUS Authentication for centralized user management
-
2.- Configure RADIUS Authentication:
- Enable RADIUS client in CPU Configuration.
- Click Configure Servers and enter:
- IP Address of RADIUS server
- UDP Port (default 1812)
- Retries and Timeout values
- Shared Secret (must match on RTU and RADIUS server)
- Click Configure Servers and enter:
- Up to 5 RADIUS servers can be configured.
3.- Generate and Install Keys:
- SSH: Generate DSA/RSA keys for RTU and users; include in user package via User Manager.
- HTTPS: Replace default SSL key and certificate using Configuration Converter; generate custom files externally.
4.-Apply Changes:
- Upload updated configuration via GUI Up/Download tab.
- Perform RTU reset for changes to take effect.
