Direct connection of devices to the Administration Server
KES devices can connect directly to port 13292 of the Administration Server.
Depending on the method used for authentication, two options are possible for connection of KES devices to the Administration Server:
- Connecting devices with a user certificate
- Connecting devices without a user certificate
Connecting a device with a user certificate
When connecting a device with a user certificate, that device is associated with the user account to which the corresponding certificate has been assigned through Administration Server tools.
In this case, two-way SSL authentication (mutual authentication) will be used. Both the Administration Server and the device will be authenticated with certificates.
Connecting a device without a user certificate
When connecting a device without a user certificate, that device is associated with none of the user's accounts on the Administration Server. However, when the device receives any certificate, the device will be associated with the user to which the corresponding certificate has been assigned through Administration Server tools.
When connecting that device to the Administration Server, one-way SSL authentication will be applied, which means that only the Administration Server is authenticated with the certificate. After the device retrieves the user certificate, the type of authentication will change to two-way SSL authentication (2-way SSL authentication, mutual authentication).