Connect to an Ethernet reader from a BALTECH tool

When connecting to an Ethernet reader from a BALTECH tool, you have 2 options:

Establish an encrypted connection

To establish a PKI-encrypted connection from a BALTECH tool, you need to load the PKI package.

What's a PKI package?

A PKI package is a ZIP file containing the key and certificates that BALTECH tools need to establish a PKI-encrypted connection to a reader.

Out-of-the-box readers

For out-of-the-box readers, use the BALTECH default PKI package PKIAUTH_BALTECH_DEFAULT.zip call_made, available on our website.

PKIs created with BALTECH PKI Certificate Manager

If you've created your own PKI with BALTECH PKI Certificate Manager, a ready-to-use PKI package has been generated by the tool.
Screenshot: Example PKI package created by BALTECH PKI Certificate Manager

PKIs created with openSSL

If you've created your own PKI with openSSL, you have to create the PKI package yourself. To do so, create a ZIP with the following folder structure:

  • A folder named host_chain containing the host certificate chain including end entity certificate
  • A folder named reader_chain containing the reader certificate chain without end entity certificate
  • The host key pair

The above content must be located in the root of the ZIP, not in an additional root level folder.

Load the PKI package

  1. Connect the reader to your computer.

  2. Open the BALTECH tool, e.g. ID-engine Explorer.

  3. Click the reader, then click Select.

    My reader doesn't show up

    In general, Ethernet readers may take a while to show up, especially when you have a large network.

    If the reader remains undetected, try the following:

    • In the bottom left, click Show Details.
    • Make sure Show Ethernet Readers is enabled.
    • Click Manual Ethernet Reader Search and enter the reader's IP address.

    Screenshot: Options to find an Ethernet reader via a BALTECH tool

    Screenshot: Select an Ethernet reader from a BALTECH tool

  4. Select the PKI package and click OK.

    Screenshot: Load the PKI package for an Ethernet reader into a BALTECH tool

The BALTECH tool now creates a PKI-encrypted connection. This may take a few seconds. Once the connection is established, you can perform any action permitted for the certificates in the PKI package.

Establish a plain connection

A plain connection gives you unencrypted and unauthenticated access to a reader. The permissions you have depend on the connection mode:

  • For debugging or testing, connect the reader in maintenance mode. This will give you full control over the reader by default. Note that permissions in maintenance mode can be limited via the reader's security settings.

  • In normal operation mode, you can only access reader information, e.g. firmware, serial number, and configuration, but you cannot perform any actions.

To establish a plain connection:

  1. Connect the reader to your computer.
  2. Open the BALTECH tool, e.g. ID-engine Explorer.
  3. Click the reader, then click Select.

    My reader doesn't show up

    In general, Ethernet readers may take a while to show up, especially when you have a large network.

    If the reader remains undetected, try the following:

    • In the bottom left, click Show Details.
    • Make sure Show Ethernet Readers is enabled.
    • Click Manual Ethernet Reader Search and enter the reader's IP address.

    Screenshot: Options to find an Ethernet reader via a BALTECH tool

    Screenshot: Select an Ethernet reader from a BALTECH tool

  4. Click Continue without certificates.
    Screenshot: Establish an unencrypted connection to an Ethernet reader from a BALTECH tool

The BALTECH tool now creates a plain connection to the reader. Once the connection is established, you can perform the actions permitted for your connection mode.