
User's Manual
FC33 full HDIP
HTTPS communications
IM 85A7C04E-01

1st edition 2020/10/30.

CONTENTS
A Introduction
1 Network settings
2 HTTPS
3 Self-signed Certificate
3.1 Generating Private key
3.2 Generating Self-signed certificate
3.3 Downloading Root Certificate
3.4 Installing Root certificate
3.5 Activation of HTTPS
3.6 Confirmation of HTTPS access
4 Certificate Signing Request (CSR)
4.1 Generating Private key
4.2 Requesting certificate signing to Certificate Authority
4.3 Initializing Server certificate
4.4 Installing Root certificate
4.5 Activation of HTTPS
4.6 Confirmation of HTTPS access
4.7 Re-create Server certificate
5 Delete
6 Initializing Settings
7 Restrictions
NOTE


A Introduction
■IM 30B10A10-01J A 1st Edition : 2019.2.7- 00

Warning and Disclaimer


■ HTTPS communications (Hereinafter “this function”)
YOKOGAWA shall have neither liability nor responsibility to any person or entity with respect to any
direct or indirect loss or damage arising from using this function or any defect of this function that
YOKOGAWA cannot predict in advance.

Documentation Conventions
■ NOTE in the manual
NOTE
Draws attention to information essential for understanding the operation and features.

Copyright and Trademark Notices


■ Copyright
The copyright of the programs and online manuals contained in the software medium of the
Software Product shall remain with YOKOGAWA.
You are allowed to print the required pages of the online manuals for the purposes of using or
operating the Product; however, reprinting or reproducing the entire document is prohibited by the
Copyright Law.
Except as stated above, no part of the online manuals may be reproduced, transferred, sold, or
distributed to a third party in any manner (either in electronic or written form including, without
limitation, in the forms of paper documents, electronic media, and transmission via the network). Nor
it may be registered or recorded in the media such as films without permission.

■Trademark
All other company, organization and trade names and logos mentioned in the product are registered
trademarks or trademarks of YOKOGAWA or of their respective companies or organizations.


1 Network settings
Select [Network] in the Admin Menu in the left column, then select the [Protocol] tab. The screen
shown in Fig.1 below is displayed:

(1) HTTP
Default settings: enabled; the default TCP/IP port number is 80.
For ONVIF access, HTTP must be enabled.
(2) HTTPS
(Corresponds to this function. For details, please refer to 3.5 or 4.5 “Activation of HTTPS”.)
Default settings: disabled; the default port number is 443.
Available only when a Server Certificate is installed.
(3) RTSP
Default settings: enabled; the default port number is 554.

Fig.1 Settings of Protocols


2 HTTPS
The HTTPS protocol provides secure communications (this function is available after ENC
V3.00). HTTPS communication requires a server certificate issued by a certificate authority.
The authority type can be selected from a Self-signed certificate, for which this product itself
becomes the certificate authority, and a public or private Certificate Authority as a third party.

[Flowchart. Recoverable box labels: Start; Private key Generate; Certification Type (Self-signed
Certificate / CA Certificate Signing Request); CSR file download; Issue Server Certificate; Install
Server Certificate; Download Root Certificate; Certificate Authority Type (Private Certificate
Authority / Public Certificate Authority); Get Root Certificate; Install root certificate; Enable
HTTPS; END.]
*You must issue the server certificate yourself.

Fig 2 Operation scheme of HTTPS

Table 1 SSL/TLS communication specification

Private key length    2048
Common key            AES256
Hash function         SHA-256
Digital Certificate   X.509


NOTE
・HTTPS processing places a high load on the product, so the bitrate and video streams need to be narrowed down.
・Before setting up HTTPS, the time needs to be adjusted, by NTP or other means.

3 Self-signed Certificate
This section describes the certification steps with the Self-signed Authority. When using a public or
private Certificate Authority, please refer to section 4 below.

3.1 Generating Private key


Click the “Submit” button in the [Private key Generate] menu to generate the private key.

Fig.3 Generating Private key


3.2 Generating Self-signed certificate


First, select the [Self-signed certificate] radio button in the [Certificate Generate] menu.
Then click the “Submit” button in the menu to start generating the certificate.
An “Is the correct date and time set?” dialog box pops up for confirmation. If the time
and date are set correctly, the generation step can proceed.

Fig.4 Certificate Generate(Self-signed certificate)

Fill in each of the Certificate Fields in the “Self-signed certificate” pop-up window.
The contents of the Certificate Fields are specified in Table 2. After filling in all the Certificate Fields,
click the “Submit” button.

Fig. 5 Registration of Self-signed certificate


※ If an entry violates the rules or is invalid, the “Submit” button above cannot be clicked.


Table 2 Certificate Fields and allowable characters

Item                 Contents of Fields                                  Maximum characters
Common Name          URL (FQDN) when connecting SSL or IPv4 address      64
                     (allowable characters: half-width alphanumeric, hyphen [-], dot [.])
Country              National ISO                                        2
                     (allowable characters: uppercase letter)
State or province    for example: Tokyo                                  128
                     (allowable characters: refer to Note)
Locality             for example: Musashino-shi                          128
                     (allowable characters: refer to Note)
Organization         for example: Yokogawa Electric Corporation          64
                     (allowable characters: refer to Note)
Organizational Unit  Optional                                            64
                     (allowable characters: refer to Note)

Note: half-width alphanumeric, space [ ], comma [,], plus [+], hyphen [-], dot [.], slash [/],
underscore [_], opening parenthesis [(], close parenthesis [)]

When installation of the Self-signed Server certificate completes, the message shown in Fig.6 below appears.
Click the “Save” button in the Admin Menu field on the left side to save the settings.

Fig 6 Completion of installing Self-signed Server certification


3.3 Downloading Root Certificate


Click the “Display” button in the [Certificate information] menu.

Fig. 7-1 Certificate information

After confirming the contents of the certificate, click the “Download(Root CA CRT)” button. The
CER file is then downloaded from the FC33 to the client laptop.

Fig 8-2 Certificate information(example)


3.4 Installing Root certificate


Double-click the icon of the downloaded CER file to open the certificate
window. Next, click the “Install Certificate...” button on the [General] tab.

Fig. 9 CER file window

Select the “Local Machine” radio button and click the “Next” button in the “Welcome to the Certificate
Import Wizard” window. (If a pop-up window asks you to confirm the change, respond with the
“OK” or “Yes” button.)

Fig. 10 Certificate Import Wizard window


Select the “Place all certificate in the following store” button and click the “Browse…” button.

Fig 11 Certificate Store

Select the “Trusted Root Certification Authorities” folder and click the “OK” button.

Fig. 12 Selection of Certificate Store


Confirm that “Trusted Root Certification Authorities” is displayed in the “certificate store:” frame of
the window that pops up again, then click the “Next” button.

Fig.13 Certificate Store (displayed again)

Click the “Finish” button to complete the Certificate Import Wizard.

Fig.14 Completion of Certificate import wizard


3.5 Activation of HTTPS


Select [Network] in the Admin Menu list, click the [Protocols] tab and check the HTTPS check box
to set it to "enable". Click the “Set” button below and then the “Save” button to save the settings.

Fig 15 Protocols-tab

Select [System] in the Admin Menu list, select the [Reboot] tab and click the “Submit” button to reboot.

Fig 16 Reboot


3.6 Confirmation of HTTPS access


Close all windows on your laptop. Type “https://common name/” into the address bar of the
browser and press the Enter key to connect. After login, confirm that each operation works normally.

Fig 17 login screen for HTTPS

If the browser shows a red address bar, installation of the certificate may have failed.


4 Certificate Signing Request (CSR)


This section describes the certification steps when using a public or private Certificate Authority.
When using a private Certificate Authority, please refer to section 3 above.

4.1 Generating Private key


Please refer to section 3.1 above.

4.2 Requesting certificate signing to Certificate Authority


First, select the [CA certificate signing request] radio button in the [Certificate Generate] menu.
Then click the “Submit” button in the menu to start generating the certificate.
The “CA certificate signing request” dialog box pops up. If the time and date are set correctly,
the generation step can proceed.

Fig 18 Requesting Certificate

Fill in each of the Certificate Fields in the “CA certificate signing request” pop-up
window. The contents of the Certificate Fields are specified in Table 2.
After filling in all the Certificate Fields, click the “Download(CSR)” button.


Fig. 19 CA certificate signing request

After the CSR file has finished downloading, click the “Save” button to save the settings.

Fig. 20 Saving CA certificate settings

Submit the CSR file to the Certificate Agency and ask it to issue the Server certificate.


4.3 Initializing Server certificate


Install the Server certificate file provided by the Certificate Authority in [Server
certificate installation], as shown below.

Only an X.509 Server certificate file in PEM format can be used. A file of any other type needs to
be converted.

[Server certificate installation] is shown when the [CA certificate signing
request] radio button is selected in the [Certificate Generated] column.

Fig. 21 Initializing Server certificate

If the Certificate Authority uses an Intermediate certificate, open the Server certificate file
in a text editor and arrange its contents as shown below:

-----BEGIN CERTIFICATE-----
Contents of Server certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Contents of Intermediate certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Contents of Upper Intermediate certificate
-----END CERTIFICATE-----
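
Added example, not part of the original manual or of the product's software: a Python helper that takes the certificates received from the Certificate Authority in any order and emits them in the layout above (server, intermediate, upper intermediate). It matches each certificate's issuer name to the next certificate's subject name and does not verify signatures; it leaves out a self-signed root on the assumption that only the blocks shown above belong in the file. All function names are hypothetical, and the input (toy_cert, SAMPLE) is a set of constructed, unsigned certificate skeletons.

```python
import ssl

HDR, FTR = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject names of one certificate."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos      # skip optional [0] version
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        end = _tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def build_bundle(pem_text):
    """Return PEM text ordered server -> intermediate -> upper intermediate."""
    ders = [ssl.PEM_cert_to_DER_cert(HDR + b.split(FTR)[0] + FTR)
            for b in pem_text.split(HDR)[1:]]
    certs = [(issuer_subject(d), d) for d in ders]
    certs = [c for c in certs if c[0][0] != c[0][1]]       # drop self-signed roots
    issuers = {names[0] for names, _ in certs}
    chain = [c for c in certs if c[0][1] not in issuers]   # issues nothing: the server
    if len(chain) != 1:
        raise ValueError("expected exactly one server certificate")
    while len(chain) < len(certs):
        parent = [c for c in certs if c[0][1] == chain[-1][0][0]]
        if not parent:
            raise ValueError("missing or unrelated intermediate certificate")
        chain.append(parent[0])
    return "\n\n".join(ssl.DER_cert_to_PEM_cert(d).strip() for _, d in chain) + "\n"

def toy_cert(subject, issuer):             # constructed skeleton: names only, unsigned
    seq = lambda *p: bytes([0x30, sum(map(len, p))]) + b"".join(p)
    name = lambda s: seq(bytes([0x0C, len(s)]) + s.encode())
    tbs = seq(b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", seq(), name(issuer), seq(), name(subject))
    return ssl.DER_cert_to_PEM_cert(seq(tbs))

SAMPLE = (toy_cert("Toy Upper CA", "Toy Root CA") + toy_cert("camera.example", "Toy Sub CA")
          + toy_cert("Toy Sub CA", "Toy Upper CA"))        # constructed, deliberately out of order
```

The blank line between blocks in the output mirrors the layout printed in this section.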


4.4 Installing Root certificate


Root certificates of Public Certificate Authorities that issue server certificates are pre-installed in
the browser, so there is no need to install one. For a server certificate issued
by a Private Certificate Authority, obtain the root certificate from that Private Certificate Authority
and install it. For the installation procedure, please refer to 3.4 Installing Root certificate.

4.5 Activation of HTTPS
Please refer to section 3.5 above.

4.6 Confirmation of HTTPS access


Please refer to section 3.6 above.

4.7 Re-create Server certificate


To re-create the server certificate, please start again from section 4.2 above.

5 Delete
〔Private key〕 and 〔Server Certificate〕 can be deleted by clicking the submit button.

Fig.22 Delete

NOTE
・They cannot be deleted while the HTTPS protocol is enabled.
・[Private key] alone cannot be deleted while [Server Certificate] exists.
・If [Private key] is deleted and re-created, the Server Certificate also needs to be re-created.


6 Initializing Settings
Clicking the execute button initializes the settings. Either whole initialization or partial
initialization, which excludes the IPv4 settings, can be selected. In case of whole initialization,
[Private key] and [Server Certificate] are deleted.

7 Restrictions
➢ Updating the ENC firmware from V2 to V3 is possible, but downgrading from V3 to V2 is not.
➢ If the server certificate has expired, the address bar of the IE11 browser turns red and no SSL
connection is made.
➢ Video stream (RTSP) over SSL (over HTTPS) communication is unsupported.
➢ For ONVIF communication, HTTP needs to be enabled.

・The contents of this manual are subject to change without notice in the future due to
improvements in performance and functions.

NOTE
For details, or if you have any questions, please contact us.

IM85A7C04E-01
Yokogawa Electric Corporation

Headquarters
9-32 Nakacho, 2-chome, Musashino-shi Tokyo, 180-8750 JAPAN
Phone: +81-422-52-5555
Printed in Japan
