Connect to an Ethernet reader from a BALTECH tool
When connecting to an Ethernet reader from a BALTECH tool, you have 2 options:
-
Encrypted connection
This only works if you use PKI encryption, which is enabled by default. AES encryption is currently not supported. -
Plain connection
This is useful for debugging or testing as the connection is established faster and commands are transmitted in plain text.
Establish an encrypted connection
To establish a PKI-encrypted connection from a BALTECH tool, you need to load the PKI package.
What's a PKI package?
A PKI package is a ZIP file containing the key and certificates that BALTECH tools need to establish a PKI-encrypted connection to a reader.
Out-of-the-box readers
For out-of-the-box readers, use the BALTECH default PKI package PKIAUTH_BALTECH_DEFAULT.zip call_made, available on our website.
PKIs created with BALTECH PKI Certificate Manager
If you've created your own PKI with BALTECH PKI Certificate Manager,
a ready-to-use PKI package has been generated by the tool.
PKIs created with openSSL
If you've created your own PKI with openSSL, you have to create the PKI package yourself. To do so, create a ZIP with the following folder structure:
- A folder named
host_chain
containing the host certificate chain including end entity certificate - A folder named
reader_chain
containing the reader certificate chain without end entity certificate - The host key pair
The above content must be located in the root of the ZIP, not in an additional root level folder.
Load the PKI package
-
Connect the reader to your computer.
-
Open the BALTECH tool, e.g. ID-engine Explorer.
-
Click the reader, then click Select.
-
Select the PKI package and click OK.
The BALTECH tool now creates a PKI-encrypted connection. This may take a few seconds. Once the connection is established, you can perform any action permitted for the certificates in the PKI package.
Establish a plain connection
A plain connection gives you unencrypted and unauthenticated access to a reader. The permissions you have depend on the connection mode:
-
For debugging or testing, connect the reader in maintenance mode. This will give you full control over the reader by default. Note that permissions in maintenance mode can be limited via the reader's security settings.
-
In normal operation mode, you can only access reader information, e.g. firmware, serial number, and configuration, but you cannot perform any actions.
To establish a plain connection:
- Connect the reader to your computer.
- Open the BALTECH tool, e.g. ID-engine Explorer.
-
Click the reader, then click Select.
-
Click Continue without certificates.
The BALTECH tool now creates a plain connection to the reader. Once the connection is established, you can perform the actions permitted for your connection mode.