Manufacturer
1. Security tips
- Have options for password recovery set up
- Set a safe Manufacturer password. Various password generators are available on the web
- Setting individual passwords per Charging Station increases cybersecurity. The drawback: maintenance. Decide at your own discretion
- If you do opt for individual passwords, we recommend keeping the passwords identical between Master-Slave Charging Controllers in a double Charging Station
2. Managing passwords
To ensure secure configuration, set a password for each role:
- Manufacturer
- Installer
- Operator
- User
so that the default passwords can't be used anywhere.
Keep the Manufacturer password secure as leaking it could give malicious actors access to safety-compromising configuration options.
3. Setting the Manufacturer password
- Log in to the Legacy Configuration Interface using the Manufacturer Login Credentials
-
Apply the following configuration:
| Scope | Location in Legacy Configuration Interface | Field | Value |
|---|---|---|---|
| Manufacturer | Manufacturer > Manufacturer Password | Manufacturer Password (enter the current password to confirm) | existing login password |
Manufacturer Password | new password you want to set |
- At the bottom of the Configuration Interface, click , then click to apply the changes
- On double Charging Stations: repeat the steps above on the Slave Charge Controller
Password safety options for the Operator login
Manufacturers can manage Operators' password safety through the following settings:
| Scope | Location in Legacy Configuration Interface | Field | Value | Info |
|---|---|---|---|---|
| Manufacturer | Manufacturer > Manufacturer Password | Enforce Password change | on | Force change of Operator password on the next login attempt |
| Manufacturer > Manufacturer Password | Enforce strong login passwords | on | Enforce the following requirements on new passwords:
|
3.1. Password recovery and PUK settings
There are two ways to ensure a password recovery is possible for the Operator:
3.1.1. Set a Reset Password PUK
The PUK should only be shared with Charge Point Operators if deemed necessary.
Using the PUK, Operators can issue a password reset.
- Log in to the Legacy Configuration Interface using the Manufacturer Login Credentials
- Under Manufacturer, set a
Reset Password PUK - At the bottom of the Configuration Interface, click , then click to apply the changes
PUK recommendations
- The PUK should be at least 8 characters long
- The maximal PUK length is 100 characters
- The PUK can contain alpha-numerical characters, numbers and symbols
3.1.2. Provide the Operator with a Master RFID card
Manufacturers can configure a Master RFID card, enabling the following:
- Password reset: Resetting the password for every role
- Manufacturer defaults: When the master RFID is scanned for 120 seconds, the Charging Station is set back to the Manufacturer defaults
The Manufacturer can pre-configure a Master RFID and hand bundle it with the Charging Station for hand-over.
Multiple recovery options can be in effect at the same time. No extra steps are needed for this.
4. Configuration Interface security
On some Charge Controllers, the Legacy Configuration Interface is activated by default. Before handing Charging Stations over to Operators, we recommend fully disabling the Legacy Configuration Interface or at least changing the default to Configuration Interface.
Besides improved cybersecurity measures, the non-legacy Configuration Interface enforces communication over HTTPS which is inherently safer than HTTP.
4.1. Configuration Interface selection options
-
Apply the following configuration:
| Scope | Location in Legacy Configuration Interface | Field | Value | Info |
|---|---|---|---|---|
| Operator | Operator > Web Interface | Web Interface | 1.0 (legacy) | Sets the Legacy Configuration Interface as the default |
2.0 | Sets the Configuration Interface as the default. The Legacy Configuration Interface is still available | |||
2.0 only | Sets the Configuration Interface as the default and disables access to the Legacy Configuration Interface. Attention: this can only be reset by the Manufacturer through SSH |
- At the bottom of the Configuration Interface, click , then click to apply the changes
Reverting the 2.0 only Configuration Interface option
-
SSH into the Charge Controller as
chargeusing the Login Credentials - Navigate to
/persistencyand delete theWebUIStyle_webfile via this command:
rm WebUIStyle_web
4.2. Enabling HTTPS
- Log in to the Configuration Interface using the Operator Login Credentials
- Under SYSTEM > HTTPS set
Enable HTTPStoOn - At the bottom of the Configuration Interface, click , then click to apply the changes
Because there's no way to validate the IP address of each Charge Controller, you will get a security warning asking you to validate the HTTPS certificate. You can ignore the warning and proceed to the Configuration Interface.
5. Log encryption
Logs can be encrypted with a password to protect sensitive data contained in logs. Here's how:
- Log in to the Legacy Configuration Interface using the Manufacturer Login Credentials
- Under Manufacturer > Manufacturer Password set the
Log PasswordThis is the password for the downloadable log zip file - At the bottom of the Configuration Interface, click , then click to apply the changes