Skip to content

Connect to an Ethernet reader from a BALTECH tool

When connecting to an Ethernet reader from a BALTECH tool, you have 2 options:

Establish an authenticated and encrypted connection

To establish a PKI-authenticated and encrypted connection from a BALTECH tool, you need to load the PKI package.

What's a PKI package?

A PKI package is a ZIP file containing the key and certificates that BALTECH tools need to establish a PKI-authenticated and encrypted connection to a reader.

Out-of-the-box readers

For out-of-the-box readers, use the BALTECH default PKI package PKIAUTH_BALTECH_DEFAULT.zip , available on our website.

PKIs created with BALTECH PKI Certificate Manager

If you've created your own PKI with BALTECH PKI Certificate Manager, a ready-to-use PKI package has been generated by the tool.
Screenshot: Example PKI package created by BALTECH PKI Certificate Manager

PKIs created with openSSL

If you've created your own PKI with openSSL, you have to create the PKI package yourself. To do so, create a ZIP with the following folder structure:

  • A folder named host_chain containing the host certificate chain including end entity certificate
  • A folder named reader_chain containing the reader certificate chain without end entity certificate
  • The host key pair

The above content must be located in the root of the ZIP, not in an additional root level folder.

Load the PKI package

  1. Connect the reader to your computer.

  2. Open the BALTECH tool, e.g. ID-engine Explorer.

  3. Click the reader, then click Select.

    My reader doesn't show up in the selection dialog.

    In general, Ethernet readers may take a while to show up, especially when you have a large network.

    If the reader remains undetected, try the following:

    • In the bottom left, click Show Search Options.
    • Make sure Show Ethernet Readers is enabled.
    • Click Manual Ethernet Reader Search and enter the reader's IP address.

    Screenshot: Options to find an Ethernet reader via a BALTECH tool

    Screenshot: Select an Ethernet reader from a BALTECH tool

  4. Select the PKI package and click OK.

    Screenshot: Load the PKI package for an Ethernet reader into a BALTECH tool

The BALTECH tool now creates a PKI-authenticated and encrypted connection. This may take a few seconds. Once the connection is established, you can perform any action permitted for the certificates in the PKI package.

Establish a plain connection

A plain connection gives you unauthenticated and unencrypted access to a reader. The permissions you have in normal operation mode and maintenance mode depend on the PKI Authentication and Encryption settings in the Ethernet host interface component.

If the reader is unconfigured, you can only establish a plain connection in maintenance mode. In normal mode, you'll only get access to reader information, e.g. firmware, serial number, and configuration, but you cannot perform any actions.

To establish a plain connection:

  1. Connect the reader to your computer.
  2. Open the BALTECH tool, e.g. ID-engine Explorer.
  3. Click the reader, then click Select.

    My reader doesn't show up in the selection dialog.

    In general, Ethernet readers may take a while to show up, especially when you have a large network.

    If the reader remains undetected, try the following:

    • In the bottom left, click Show Search Options.
    • Make sure Show Ethernet Readers is enabled.
    • Click Manual Ethernet Reader Search and enter the reader's IP address.

    Screenshot: Options to find an Ethernet reader via a BALTECH tool

    Screenshot: Select an Ethernet reader from a BALTECH tool

  4. Click Continue without certificates.
    Screenshot: Establish a plain connection to an Ethernet reader from a BALTECH tool

The BALTECH tool now creates a plain connection to the reader. Once the connection is established, you can perform the actions permitted for your connection mode.

Title