Connect to an Ethernet reader from a BALTECH tool
When connecting to an Ethernet reader from a BALTECH tool, you have 2 options:
- Authenticated and encrypted connection
This works based on PKI, which is enabled by default. - Plain connection
This is useful for debugging or testing as the connection is established faster and commands are transmitted in plain text.
Establish an authenticated and encrypted connection
To establish a PKI-authenticated and encrypted connection from a BALTECH tool, you need to load the PKI package.
What's a PKI package?
A PKI package is a ZIP file containing the key and certificates that BALTECH tools need to establish a PKI-authenticated and encrypted connection to a reader.
Out-of-the-box readers
For out-of-the-box readers, use the BALTECH default PKI package PKIAUTH_BALTECH_DEFAULT.zip , available on our website.
PKIs created with BALTECH PKI Certificate Manager
If you've created your own PKI with BALTECH PKI Certificate Manager,
a ready-to-use PKI package has been generated by the tool.
PKIs created with openSSL
If you've created your own PKI with openSSL, you have to create the PKI package yourself. To do so, create a ZIP with the following folder structure:
- A folder named
host_chaincontaining the host certificate chain including end entity certificate - A folder named
reader_chaincontaining the reader certificate chain without end entity certificate - The host key pair
The above content must be located in the root of the ZIP, not in an additional root level folder.
Load the PKI package
-
Connect the reader to your computer.
-
Open the BALTECH tool, e.g. ID-engine Explorer.
-
Click the reader, then click Select.
My reader doesn't show up in the selection dialog.
In general, Ethernet readers may take a while to show up, especially when you have a large network.
If the reader remains undetected, try the following:
- In the bottom left, click Show Search Options.
- Make sure Show Ethernet Readers is enabled.
- Click Manual Ethernet Reader Search and enter the reader's IP address.
-
Select the PKI package and click OK.
The BALTECH tool now creates a PKI-authenticated and encrypted connection. This may take a few seconds. Once the connection is established, you can perform any action permitted for the certificates in the PKI package.
Establish a plain connection
A plain connection gives you unauthenticated and unencrypted access to a reader. The permissions you have in normal operation mode and maintenance mode depend on the PKI Authentication and Encryption settings in the Ethernet host interface component.
If the reader is unconfigured, you can only establish a plain connection in maintenance mode. In normal mode, you'll only get access to reader information, e.g. firmware, serial number, and configuration, but you cannot perform any actions.
To establish a plain connection:
- Connect the reader to your computer.
- Open the BALTECH tool, e.g. ID-engine Explorer.
-
Click the reader, then click Select.
My reader doesn't show up in the selection dialog.
In general, Ethernet readers may take a while to show up, especially when you have a large network.
If the reader remains undetected, try the following:
- In the bottom left, click Show Search Options.
- Make sure Show Ethernet Readers is enabled.
- Click Manual Ethernet Reader Search and enter the reader's IP address.
-
Click Continue without certificates.
The BALTECH tool now creates a plain connection to the reader. Once the connection is established, you can perform the actions permitted for your connection mode.