Manufacturer

1. Security tips

• Have options for password recovery set up
• Set a safe Manufacturer password. Various password generators are available on the web
• Setting individual passwords per Charging Station increases cybersecurity. The drawback: maintenance. Decide at your own discretion
  • If you do opt for individual passwords, we recommend keeping the passwords identical between Master-Slave Charging Controllers in a double Charging Station

2. Managing passwords

To ensure secure configuration, set a password for each role:

• Manufacturer
• Installer
• Operator
• User

so that the default passwords can't be used anywhere.

Keep the Manufacturer password secure as leaking it could give malicious actors access to safety-compromising configuration options.

Additionally, we recommend to advise your customers to set passwords individual to each Charge Controller of their charging infrastructure.

3. Setting the Manufacturer password

1. Log in to the Legacy Config UI using the Manufacturer Login Credentials

2. Apply the following configuration:

Scope	Location in Legacy Config UI	Field	Value
Manufacturer	Manufacturer > Manufacturer Password	Manufacturer Password (enter the current password to confirm)	existing login password
		Manufacturer Password	new password you want to set

3. At the bottom of the Config UI, click , then click to apply the changes
4. On Double Charging Stations: repeat the steps above on the Slave Charge Controller

Password safety options for the Operator login

Manufacturers can manage Operators' password safety through the following settings:

Scope	Location in Legacy Config UI	Field	Value	Info
Manufacturer	Manufacturer > Manufacturer Password	Enforce Password change	on	Force change of Operator password on the next login attempt
		Enforce strong login passwords	on	Enforce the following requirements on new passwords: lower case letters upper case letter digits special characters

3.1. Password recovery and PUK settings

There are two ways to ensure a password recovery is possible for the Operator:

Password Reset PUK

info

The PUK should only be shared with Charge Point Operators if deemed necessary.

Using the PUK, Operators can issue a password reset.

1. Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer, set a Reset Password PUK
3. At the bottom of the Config UI, click , then click to apply the changes

PUK recommendations

• The PUK should be at least 8 characters long
• The maximal PUK length is 100 characters
• The PUK can contain alpha-numerical characters, numbers and symbols

Master RFID Card

Manufacturers can configure a Master RFID card, enabling the following:

1. Password reset: Resetting the password for every role
2. Manufacturer defaults: When the master RFID is continuously scanned for 2 minutes, the Charging Station is set back to the Manufacturer defaults

Pre-configuring a Master RFID card

Manufacturers can pre-configure an RFID card to be used as a Master RFID Card and bundle it with the Charging Station at hand-over.
Alternatively, Manufacturers can hand out 1-2 blank RFID cards for later use by Operators for the purpose of password reset.

Multiple active recovery options

Multiple recovery options can be in effect at the same time. No extra steps are needed for this.

Configuring a Master RFID card for password recovery and configuration reset

An RFID card can be set up as a Master RFID card by specifying the RFID tag in the Config UI.
Two RFID tags can be stored in total.

Relevant settings

Location in Config UI	Location in Legacy Config UI	Parameter	Info
AUTHORIZATION > RFID Settings	Manufacturer	Enforce Master RFID	Force creating an RFID Master Card when the Operator password is changed.
N/A	Operator	Factory Reset by RFID	When filled with at least one RFID tag, the factory reset through RFID function is enabled. leave empty to keep this feature disabled

caution

Once at least one RFID tag is stored in the Factory Reset by RFID field, it cannot be left empty again, unless the Enforce Master RFID setting is disabled beforehand.

Configuration reset

1. Make sure the Factory Reset by RFID field is filled with at least one RFID tag
2. Scan the Master RFID card for 2 minutes to reset the configuration

4. Config UI security

On some Charge Controllers, the Legacy Config UI is activated by default. Before handing Charging Stations over to Operators, we recommend fully disabling the Legacy Config UI or at least changing the default to Config UI.

Besides improved cybersecurity measures, the non-legacy Config UI allows for communication over HTTPS.

4.1. Config UI selection options

1. Apply the following configuration:

Scope	Location in Legacy Config UI	Field	Value	Info
Operator	Operator > Web Interface	Web Interface	1.0 (legacy)	Sets the Legacy Config UI as the default
			2.0	Sets the Config UI as the default. The Legacy Config UI is still available
			2.0 only	Sets the Config UI as the default and disables access to the Legacy Config UI. Attention: this can only be reset by the Manufacturer through SSH

2. At the bottom of the Config UI, click , then click to apply the changes

Reverting the 2.0 only Config UI option

1. SSH into the Charge Controller as charge using the Login Credentials
2. Navigate to /persistency and delete the WebUIStyle_web file via this command:

rm WebUIStyle_web

4.2. Enabling HTTPS

1. Log in to the Config UI using the Operator Login Credentials
2. Under SYSTEM > HTTPS set Enable HTTPS to On
3. At the bottom of the Config UI, click , then click to apply the changes

info

Because there's no way to validate the IP address of each Charge Controller, you will get a security warning asking you to validate the HTTPS certificate. You can ignore the warning and proceed to the Config UI.

5. Log encryption

Logs can be encrypted with a password to protect sensitive data contained in logs. Here's how:

1. Log in to the Legacy Config UI using the Manufacturer Login Credentials
2. Under Manufacturer > Manufacturer Password set the Log Password This is the password for the downloadable log zip file
3. At the bottom of the Config UI, click , then click to apply the changes