Configuring Live Energy Connect for Secure ICCP

To use Secure ICCP with Live Energy Connect (LEC) you need to:

  • prepare and deploy the required certificates for the Secure ICCP association(s).
  • enable Secure ICCP in your LEC configuration.
  • configure the Stunnel Windows services.

Prepare and Deploy the Required Certificates for the Secure ICCP Association(s)

Secure ICCP uses encryption or authentication at two levels: the transport layer (SSL/TLS) and the application layer. Therefore, each side of a Secure ICCP association needs two sets of certificates.

For detailed instructions on how to deploy the certificates used in an LEC configuration with Secure ICCP, see Deploying Certificates Used for Secure ICCP.

Enable Secure ICCP in the LEC Configuration

If an LEC Server configuration that uses Secure ICCP is created from scratch or if an existing configuration is being modified to use Secure ICCP, some parameters need to be adjusted in the LEC Configuration Manager.

To specify that Secure ICCP should be used:

  1. Open the Server tab in the Properties panel.
  2. Change the Global flags field from 1 to 3, and then click Apply.
  3. With the appropriate VMD selected, open the VMD tab in the Properties panel.
  4. In the Flags field, change the SECURITY_FLAG option to Set, and then click Apply.

    Note: If a VCC’s flags are generated by a setup batch file, then specify that the SECURITY_FLAG is set in the setup batch file instead.

  5. Repeat steps 3 and 4 for each local VCC using Secure ICCP in your configuration.
  6. Open the LDIB Editor tab in the Central panel of the Configuration Manager and click Refresh.
  7. Enable the Secure ICCP option for each local VCC using Secure ICCP in your configuration and click Apply.

Configure Stunnel Windows Services

Upon installation, LEC creates two Windows services:

  • LecClientTunnel
  • LecServerTunnel

Both services are initially configured to be started manually. In production environments, you will typically want the relevant service to start automatically.

If your LEC configuration accepts inbound Secure ICCP associations, you must configure the Windows service called LecServerTunnel to start automatically by using the Windows Services app. Similarly, if your configuration makes outbound Secure ICCP associations, you must configure the Windows service called LecClientTunnel to start automatically.

Whenever the LEC Server starts, it creates Stunnel configuration files for these services based on your configuration.

After starting an LEC configuration with Secure ICCP for the first time, you must start or restart the appropriate Stunnel service in order for it to use its new configuration.

Note: If you make any changes to your LEC Secure ICCP configuration, you must restart the Stunnel service for those changes to take effect.
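
The same service setup can be scripted instead of using the Windows Services app. The following PowerShell is an added example, not part of the LEC product or its documentation; it assumes that LecServerTunnel and LecClientTunnel are the registered Windows service names, that the LEC Server has already been started so the Stunnel configuration files exist, and that the session is elevated. The -Inbound and -Outbound switches are names chosen for this example.

```powershell
# Added example, not vendor code. Assumes the names on this page are the
# registered Windows service names. Run from an elevated PowerShell session.
param(
    [switch]$Inbound,   # configuration accepts inbound Secure ICCP associations
    [switch]$Outbound   # configuration makes outbound Secure ICCP associations
)

$targets = @()
if ($Inbound)  { $targets += 'LecServerTunnel' }
if ($Outbound) { $targets += 'LecClientTunnel' }
if (-not $targets) { throw 'Specify -Inbound, -Outbound, or both.' }

foreach ($name in $targets) {
    # Fail early if the service is not installed under this name.
    $svc = Get-Service -Name $name -ErrorAction Stop

    # Services are created with a manual start type; switch to automatic.
    if ($svc.StartType -ne 'Automatic') {
        Set-Service -Name $name -StartupType Automatic
    }

    # Start or restart so Stunnel reads the configuration file the LEC Server
    # generated at startup. A restart drops connections currently tunnelled.
    if ($svc.Status -eq 'Running') {
        Restart-Service -Name $name
    } else {
        Start-Service -Name $name
    }
}

# Confirm the resulting state of each tunnel service.
Get-Service -Name $targets | Select-Object Name, Status, StartType
```

Run it again after any change to the Secure ICCP configuration, once the LEC Server has regenerated the Stunnel files.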
