Lenel encryption guide for OnGuard 7.5 missing steps or correct name for TLS Certificate install

OnGuard 7.5  Encryption for Controllers User Guide does not contain steps or correct names for TLS certificates to install.

Procedure Steps

 Configure TLS Encryption Using a Default Certificate Prerequisites 

1. Establish unencrypted communications to the controller

      a. In the OnGuard Alarm Monitoring application, verify that the access panel (controller) is visible and online.

2. Verify that default certificates are available.

      a. Navigate to the certificates folder in the OnGuard install directory (example: ..\Program Files(x86)\OnGuard\Certificates).

      b. Locate the following files:

          • Mercury_ca-cert.crt - for controllers with default certificates

          • Mercury_CertRootCA1024.crt - for certificates with 1024 keys

          • Mercury_CertRootCA2048.crt - for certificates with 2048 keys

          • Mercury_CertRootCA4096.crt - for certificates with 4096 keys

          • Mercury_rootca.crt - root certificate authority (CA)

3. Verify that the access panel (controller) firmware is revision 240 or higher.

4. Know the username and password to log into the access panel (controller) configuration web page.


Install the Default TLS Certificate on the OnGuard Communication Server1. Identify the certificate on the controller by accessing the certificate information on the configuration web page:

      a. In System Administration, select Access Control > Access Panels.

      b. Select a Series 2 controller form.

      c. On the Location sub-tab, click Configuration Web Page.

      d. Log in using your user name and password.

      e. Click Load Certificate to view the certificate information.

2. On the Communication Server, locate the certificate that matches the certificate on the controller.

The following are the default certificate sizes and max certificate sizes for the panels (based on: https://mercury-security.com/portal/knowledge-base/topic:product-faq-capabilities/what-are-the-certificate-sizes-supported/).

Controller TypeDefault Certificate Size (bits) Max Certificate Size (bits)Default OnGuard certificate file
 LNL-2210, LNL-2220, LNL-3300 1024 1024 Mercury_CertRootCA1024.crt
 LNL-4420 2048 4096 Mercury_CertRootCA2048.crt
 LNL-2210-X, LNL-2220-X, LNL-3300-X, LNL-4420-X 3072 4096 Mercury_CertRootCA4096.crt


3. Using Windows Explorer, double-click a certificate file to display the Certificate dialog.

4. Click Install Certificate. The Certificate Import Wizard is displayed.. Options for Certificate Store are displayed. 5. Click Next.

If prompted, store the certificate on the Local Machine (not for user).

6. Select the Place all the certificates in the following store radio button.
7. For the Certificate store, click Browse.
8. Select Trusted Root Certification Authorities.
9. Click OK.
10. Click Next.
11. Click Finish.

Note: If a Security Warning is displayed, click Yes to install the certificate. 12. After the certificate is installed, restart the LS Communication Server.

Note: For environments with a variety of Lenel controllers, consider loading all four (4) Mercury certificates and then restart the LS Communication Server once.

13. To view the installed certificate(s) in the Certification Manager list, click the Start button, then type certmgr.msc in the search field and press Enter.

Applies To

Encryption for Controllers User Guide (OnGuard 7.5)


Additional Information

This is only part of whole TLS enabling procedure for panels, and contains only two sections with detailed certificates names.

Copyright © 2023 Carrier. All rights reserved.