Skip to main content
Version: 5.33

Manufacturer

1. Security tips

  • Have options for password recovery set up
  • Set a safe Manufacturer password. Various password generators are available on the web
  • Setting individual passwords per Charging Station increases cybersecurity. The drawback: maintenance. Decide at your own discretion
    • If you do opt for individual passwords, we recommend keeping the passwords identical between Master-Slave Charging Controllers in a double Charging Station

2. Managing passwords

To ensure secure configuration, set a password for each role:

  • Manufacturer
  • Installer
  • Operator
  • User

so that the default passwords can't be used anywhere.

Keep the Manufacturer password secure as leaking it could give malicious actors access to safety-compromising configuration options.

Additionally, we recommend to advise your customers to set passwords individual to each Charge Controller of their charging infrastructure.

3. Setting the Manufacturer password

  1. Log in to the Legacy Config UI using the Manufacturer Login Credentials
  2. Apply the following configuration:

ScopeLocation in Legacy Config UIFieldValue
ManufacturerManufacturer > Manufacturer PasswordManufacturer Password (enter the current password to confirm)existing login password
Manufacturer Passwordnew password you want to set
  1. At the bottom of the Config UI, click , then click to apply the changes
  2. On Double Charging Stations: repeat the steps above on the Slave Charge Controller

Password safety options for the Operator login

Manufacturers can manage Operators' password safety through the following settings:

ScopeLocation in Legacy Config UIFieldValueInfo
ManufacturerManufacturer > Manufacturer PasswordEnforce Password changeonForce change of Operator password on the next login attempt
Enforce strong login passwordsonEnforce the following requirements on new passwords:
  • lower case letters
  • upper case letter
  • digits
  • special characters

3.1. Password recovery and PUK settings

There are two ways to ensure a password recovery is possible for the Operator:

info

The PUK should only be shared with Charge Point Operators if deemed necessary.

Using the PUK, Operators can issue a password reset.

  1. Log in to the Legacy Config UI using the Manufacturer Login Credentials
  2. Under Manufacturer, set a Reset Password PUK
  3. At the bottom of the Config UI, click , then click to apply the changes
PUK recommendations
  • The PUK should be at least 8 characters long
  • The maximal PUK length is 100 characters
  • The PUK can contain alpha-numerical characters, numbers and symbols

4. Config UI security

On some Charge Controllers, the Legacy Config UI is activated by default. Before handing Charging Stations over to Operators, we recommend fully disabling the Legacy Config UI or at least changing the default to Config UI.

Besides improved cybersecurity measures, the non-legacy Config UI allows for communication over HTTPS.

4.1. Config UI selection options

  1. Apply the following configuration:

ScopeLocation in Legacy Config UIFieldValueInfo
OperatorOperator > Web InterfaceWeb Interface1.0 (legacy)Sets the Legacy Config UI as the default
2.0Sets the Config UI as the default. The Legacy Config UI is still available
2.0 onlySets the Config UI as the default and disables access to the Legacy Config UI.
Attention: this can only be reset by the Manufacturer through SSH
  1. At the bottom of the Config UI, click , then click to apply the changes
Reverting the 2.0 only Config UI option
  1. SSH into the Charge Controller as charge using the Login Credentials
  2. Navigate to /persistency and delete the WebUIStyle_web file via this command:
rm WebUIStyle_web

4.2. Enabling HTTPS

  1. Log in to the Config UI using the Operator Login Credentials
  2. Under SYSTEM > HTTPS set Enable HTTPS to On
  3. At the bottom of the Config UI, click , then click to apply the changes
info

Because there's no way to validate the IP address of each Charge Controller, you will get a security warning asking you to validate the HTTPS certificate. You can ignore the warning and proceed to the Config UI.

5. Log encryption

Logs can be encrypted with a password to protect sensitive data contained in logs. Here's how:

  1. Log in to the Legacy Config UI using the Manufacturer Login Credentials
  2. Under Manufacturer > Manufacturer Password set the Log Password This is the password for the downloadable log zip file
  3. At the bottom of the Config UI, click , then click to apply the changes