Configuring Live Energy Connect for Secure ICCP

To use Secure ICCP with Live Energy Connect you will need to:

  • Prepare and deploy the required certificates for the Secure ICCP association(s).
  • Enable Secure ICCP in your Live Energy Connect configuration.
  • Configure the Stunnel Windows services.

Prepare and Deploy the Required Certificates for the Secure ICCP Association(s)

Secure ICCP is encrypted or authenticated at two levels, the transport layer (SSL/TLS) and the application layer. Therefore, each side of a Secure ICCP association needs to make use of two sets of certificates.

For detailed instructions on how to deploy the certificates used in a Live Energy Connect configuration with Secure ICCP, see Deploying Certificates Used for Secure ICCP.

Enable Secure ICCP in the Live Energy Connect Configuration

If you are creating a new Live Energy Connect server configuration that uses Secure ICCP, or if you are modifying an existing configuration to use Secure ICCP, you will need to adjust some parameters in the Live Energy Connect Configuration Manager.

The following steps outline how to specify Secure ICCP within the Live Energy Connect Configuration Manager:

  1. Open the Server tab in the Properties panel, change the Global flags field from 1 to 3, and click Apply.
  2. With the appropriate VMD selected, open the VMD tab from the Properties panel.
  3. In the Flags field, change the SECURITY_FLAG option to Set, and click Apply.

    Note: If a VCC’s flags are generated by a setup batch file, then specify that the SECURITY_FLAG is set in the setup batch file instead.

  4. Repeat steps 2 and 3 for each local VCC using Secure ICCP in your configuration.
  5. Open the LDIB Editor tab in Central panel of the Configuration Manager and click Refresh.
  6. Enable the Secure ICCP option for each local VCC using Secure ICCP in your configuration and click Apply.

Configure Stunnel Windows Services

Live Energy Connect creates two Windows services when it is installed, LecClientTunnel and LecServerTunnel. By default, these services are configured to start manually, but in production environments, you will want the service to start automatically.

If your Live Energy Connect configuration accepts inbound Secure ICCP associations, then you must configure the Windows service called LecServerTunnel to start automatically by using the Windows Services app. Similarly, if your configuration makes outbound Secure ICCP associations, then you must configure the Windows service, LecClientTunnel to start automatically. When the Live Energy Connect server starts, it creates Stunnel configuration files for LecClientTunnel and LedServerTunnel based on your configuration.

After starting a Live Energy Connect configuration with Secure ICCP for the first time, you must start or restart the appropriate Stunnel service to use the new configuration.

Note: If you make any changes to your Live Energy Connect Secure ICCP configuration, you must restart the Stunnel service.

Back to Top