Overview
Details configurable CGMS and TPSPROXY properties used in Cisco IoT FND and TPS, including security module settings, network configurations, and bootstrap service parameters.
The available properties in Cisco IoT FND and TPS are configuration parameters for CGMS and TPSPROXY that control system behavior, security, and integration.
- Properties include names, example values, and descriptions for each configurable item.
- CGMS properties manage gateway management, security modules, and network integration.
- TPSPROXY properties handle proxy configuration, bootstrapping, and allowed network addresses.
CGMS and TPSPROXY properties
The following tables list the properties available for configuration in Cisco IoT FND and TPS, grouped by CGMS and TPSPROXY.
| Property name | Example value | Description |
|---|---|---|
| cgms-keystore-password-hidden= | <encrypted> | Encrypted password for the cgms keystore. Encrypt or decrypt with encryption_util.sh. |
| cgdm-tpsproxy-addr= | <ipv4/v6 address or FQDN> | The source IP address of messages coming from the TPS proxy. |
| cgdm-tpsproxy-subject= | CN=common_name, OU=organizational_unit, O=organization, L=location, ST=state, C=country | The exact certificate subject contained in the TPS proxy's certificate. |
| hsm-keystore-name= | testGroup1 | HSM partition name. |
| hsm-keystore-password= | <encrypted> | Encrypted HSM partition password. |
| security-module= | ssm/hsm | Type of security module being used. |
| ssm-host= | <ipv4 address> | IP address of SSM server. |
| ssm-port= | 8445 | Port of SSM server. |
| ssm-keystore-alias= | ssm_csmp | Alias name for SSM certificate in keystore. |
| ssm-keystore-password= | <encrypted> | Encrypted password for the SSM keystore. |
| ssm-key-password= | <encrypted> | Encrypted key for the SSM key. |
| multicast-interface-address= | <ipv6 address> | Cisco IoT FND IPv6 source address for multicast traffic. |
| dhcpV4ClientListenAddresses= | <ipv4 address> | IPv4 address on your Cisco IoT FND server used to exchange DHCPv4 messages. |
| dhcpV6ClientListenAddresses= | <ipv6 address> | IPv6 address on your Cisco IoT FND server used to exchange DHCPv6 messages. |
| OptimizeTunnelProv= | true/false | Indicates whether or not to lock the HER during tunnel provisioning. |
| her-metrics-pollinterval-minutes= | 60 | Frequency of metrics polling for HER. |
| allowed-outage-skew= | 5000 | Allowed outage skew, in seconds, for outage or restoration events. |
| rf.validate-firmware-tlvs= | true/false | Skips CG-Mesh device firmware validation. |
| googleMapsClientId= | <Client ID> | Google Maps client ID. |
| googleMapsApiKey= | <API key> | Google Maps API key. |
| enable-bootstrap-service= | true/false | Used to enable PNP bootstrapping service. |
| scep-url= | http(s)://<url of SCEP server> | URL of SCEP server. |
| ca-fingerprint= | <fingerprint of CA certificate> | Fingerprint of CA certificate. |
| proxy-bootstrap-ip= | <ipv4/v6 address or FQDN> | PNP server identity sent by Cisco IoT FND to the PNP agent. |
| bootstrap-fnd-alias= | subca | Alias name assigned to the CA certificate from the issuer in the Cisco IoT FND keystore. |
| pnp-server-port= | 9125 | PNP server port, default is 9125. |
| pnp-install-trustpool= | true/false | Send the CA bundle file, which includes well-known public CA certificates. |
| reload-during-bootstrap= | true/false | Indicates whether or not to reload a device after PNP bootstrapping. |
| router-file-upload-retries | 0 | Number of retries for the router file upload job. |
| router-firmware-upload-retries | 0 | Number of retries for the firmware upload job. |
| router-firmware-install-retries | 0 | Number of retries for the firmware install job. |
| collect-cellular-link-metrics | true/false | Indicates whether or not to collect cellular metrics. |
| collect-cellular-link-metrics-interval | 30 | Interval for cellular metrics. |
| router-firmware-upload-timeout-minutes= | 30 | Firmware upload job timeout duration in minutes. |
| router-firmware-install-timeout-minutes= | 60 | Firmware install job timeout duration in minutes. |
| cgr-ha-fetch-mesh-key-attempts | 3 | Number of attempts to fetch the mesh keys. |
| cgr-ha-fetch-mesh-key-delay-mins | 1 | Interval, in minutes, between mesh key fetch attempts. |
| enable-httpcoap-proxy | true/false | FND-RA integration |
| enable-est | true/false | FND-RA integration |
| rf.min-reenrollment-delay-second | | FND-RA integration |
| rf.max-reenrollment-delay-seconds | | FND-RA integration |

| Property Name | Example Value | Description |
|---|---|---|
| cgms-keystore-password-hidden= | <encrypted> | Encrypted password for the cgms keystore. Encrypt or decrypt with encryption_util.sh. |
| enable-bootstrap-service= | true/false | Used to enable PNP bootstrapping service. |
| bootstrap-proxy-listen-port= | 9125 | Port on which TPS is listening for HTTP traffic. |
| inbound-bsproxy-destination= | <ipv4/v6 address or FQDN> | IP address and port to forward info received from the router over HTTP. |
| outbound-proxy-allowed-addresses= | <ipv4/v6 address or FQDN> | Comma-separated list of FQDNs or IP addresses from which the proxy allows outbound messages to originate. |