Home
Administrator Guide
Learn about Synergis Cloud Link hardware and software.
General configuration
Learn how to configure your Synergis Cloud Link unit.
Synergis Cloud Link configuration
Using self-signed certificates
A Synergis™ Cloud Link comes with an X.509 certificate that was generated during production. Replace the default certificate to enhance security by generating a new self-signed certificate.

Release Notes
Learn about the Synergis Cloud Link release.
Hardware Installation Guide
Learn how to install and connect your Synergis Cloud Link appliance.
Administrator Guide
Learn about Synergis Cloud Link hardware and software.
- Preface
- Introduction
- General configuration
  Learn how to configure your Synergis Cloud Link unit.
  - Synergis Cloud Link configuration
    - Preparing to configure the Synergis Cloud Link unit
      Before you can configure a Synergis™ Cloud Link unit, you must perform some pre-configuration steps.
    - Configuring the Synergis Cloud Link unit
      You can configure the Synergis™ Cloud Link unit after the pre-configuration steps are completed.
    - Configuring the network properties
      To make sure the Synergis™ Cloud Link unit can be reached on your Security Center system’s network, you must configure the unit's network properties.
    - Using self-signed certificates
      A Synergis™ Cloud Link comes with an X.509 certificate that was generated during production. Replace the default certificate to enhance security by generating a new self-signed certificate.
    - Using trusted certificates
      The authenticity of the self-signed certificate that comes with the unit by default is not enforced as usual with the Public Key Infrastructure. To be more secure, you can use a fully trusted certificate signed by a certificate authority instead.
    - Configuring interface modules connected to the Synergis Cloud Link unit
      To establish communication between the Synergis™ Cloud Link unit and the connected interface modules, you must configure them in the Synergis™ Appliance Portal.
    - Testing the connected interface modules
      You can test your hardware connections and configuration by monitoring their responses in real time on the I/O diagnostics page of the Synergis™ Appliance Portal.
    - Configuring unit-wide parameters
      Most interface module behavior is common to all interface modules connected to the same Synergis™ Cloud Link unit. You can configure these unit-wide settings on the Unit-wide parameters page of the Synergis™ Appliance Portal.
    - Configuring reader LED and beeper settings
      You can configure the reader LED and beeper behavior to communicate various access control states to the person standing at a door. For example, you can make the LED flash in amber color when the system is waiting for a PIN to be entered.
    - Copying the reader LED and beeper settings from one unit to another
      You can export the LED and beeper settings from one Synergis™ Cloud Link unit and import them into other Synergis Cloud Link units.
    - Disabling output controls
      To prevent doors from being unlocked through the Synergis™ Appliance Portal, you can disable the control of output states.
    - About the automation engine feature
      Automation engine is the Synergis™ Softwire feature that executes rules, similar to event-to-actions in Security Center. Automation engine works even when the Synergis™ unit is disconnected from its Access Manager.
    - Configuring automation engine rules
      To trigger actions when an access control event occurs, configure automation engine rules in the Synergis™ Appliance Portal. For example, increase the minimum security clearance of an area when a door input goes into a trouble state.
    - Configuring downstream controller settings
      You can configure interface-module-specific behavior for all the interface modules connected to the same Synergis™ Cloud Link unit on the Downstream controller settings page of the Synergis™ Appliance Portal.
    - Configuring MIFARE DESFire
      To enable MIFARE DESFire on your Synergis™ Cloud Link, you must load the configuration file, then associate the configuration with your STid SSCP or OSDP transparent readers.
    - Unlocking SAM cards
      Storing cryptographic keys on MIFARE Secure Access Module (SAM) cards instead of the Synergis™ key store increases security because the keys cannot be retrieved. The SAM cards must be unlocked to interact with Synergis™ Cloud Link for cryptographic operations.
    - Enabling key versioning for SAM cards
      To use application read key versions with your MIFARE SAM cards, configure the cards with up to three keys using a SAM card configuration tool, then enable key versioning in the Synergis™ Appliance Portal.
    - About the Synergis key store
      The Synergis™ key store is used to configure and store cryptographic keys.
    - Using key hashes in the Synergis key store
      You can use key hashes to verify keys in the Synergis key store against other units, or against the SAM card or key card production tool that produced the keys.
    - Changing the PIN entry timeout for doors
      When long PINs are being used, you can change the PIN entry timeout to give cardholders more time to enter their PINs.
    - Configuring event logging on the Synergis Cloud Link unit
      The Synergis™ Cloud Link unit can keep detailed logs for troubleshooting and support. However, these logs are turned off by default. Turn them on if you want to view troubleshooting reports or to download the support logs.
    - Configuring auxiliary event logging in the cloud for the Synergis Cloud Link unit
      Configure your Synergis™ Cloud Link unit to connect to an Azure Application Insights resource, so that logs can be stored in the cloud in addition to being stored on the unit itself. This can simplify analyzing logs and running monitoring tools on them.
    - Configuring audit log retention for the Synergis Cloud Link unit
      You can configure how long the audit logs for the Synergis™ Cloud Link unit are kept before they are automatically deleted.
    - Enrolling Synergis Cloud Link units in Security Center
      To enroll a Synergis™ Cloud Link unit in Security Center, assign the unit to an Access Manager role.
    - Synchronizing the Synergis Cloud Link unit with the Access Manager
      Some settings on the Synergis™ Cloud Link unit are not automatically synchronized with the Access Manager. If you change settings on the unit through the Synergis™ Appliance Portal, such as its logon password, its IP address, or the way it responds to connection requests, then you must change the same settings on the Access Manager in Config Tool.
    - Configuring the monitoring inputs on the Synergis Cloud Link appliance
      You can use the four inputs on the Synergis™ Cloud Link appliance to monitor the physical installation of the appliance. For example, you can connect an input to a tamper switch on the enclosure in which the appliance is installed.
- Integration-specific configuration
  Learn how to configure third-party devices to work with your Synergis Cloud Link unit.
- Maintenance and troubleshooting
  Learn how to troubleshoot issues and keep your Synergis Cloud Link unit up to date.
Glossary
Where to find product information
You can find our product documentation in the following locations:
Technical support
Genetec™ Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a customer of Genetec Inc., you have access to TechDoc Hub, where you can find information and search for answers to your product questions.

Using self-signed certificates

2022-01-20

A Synergis™ Cloud Link comes with an X.509 certificate that was generated during production. Replace the default certificate to enhance security by generating a new self-signed certificate.

Procedure

Log on to the Synergis Cloud Link unit.
Click Configuration > Certificates .
In the Certificate management section, complete the identification fields.

Note: The Common name, Subject alternative name, and Country fields are mandatory.
From the Certificate type list, select one of the following algorithms and key lengths:
- ECDSA 256 bits
- ECDSA 384 bits
- RSA 2048 bits
- RSA 3072 bits
- RSA 4096 bits
Click Generate new self-signed certificate, and then restart your browser and log back on to the unit.
The certificate is now generated on the unit.
Install the certificate in the browser's certificate store.
1. Click Configuration > Certificates .
2. In the Current certificate section, click Download.
3. In Windows, follow the instructions in the Certificate Import Wizard to import the certificate to the Trusted Root Certification Authorities folder using the Local Machine option.
  Install the certificate on all machines that connect to the updated Synergis Cloud Link unit.
  Note: The certificate file will be labeled with the hostname and a .cer suffix.
Restart your browser and log back on to the unit.

Your unit no longer shows a security error in the address bar when connecting using hostname.

After you finish

If the unit was already enrolled in Security Center, the Access Manager will not trust the new certificate or connect to the unit, and you must reset the trusted certificate in Config Tool.

For more information, see Resetting the trusted certificate .