Teltonika - how to connect with TLS

Airtight data security is a big part of fleet management, especially data transmission. With more requests for secure tunnels to transmit track data coming in, Teltonika introduced TLS connection support for their devices.

This guide details the configuration process for Teltonika devices to establish TLS connections with the GpsGate server.

Requisites

  • Teltonika configurator (some Teltonika models have made their configurators available on Teltonika's website).
  • Teltonika devices' latest firmware.
  • Teltonika device connected to your computer via USB cable.

Ask your Teltonika representative to get the latest version of your device's firmware and configuration tool. 

Certificate file preparation:

Ensure your server has a valid SSL certificate before following these steps. 

1. Start a browser and go to the login page of your GpsGate platform

2. Click on the "View site information" icon. There, you'll find a line saying "Connection is secure".  

Screenshot 2024-04-11 at 10.20.11.png

3. Click on "Connection is secure" -> "Certificate is valid". From there you'll see a popup window. Click on "Details". 

Screenshot 2024-04-11 at 10.22.08.png

4. In "Details", you can find the "Export" button. Click "Export" to download the root CA file with the default file format - "Base64-encoded ASCII, single certificate". 

Screenshot 2024-04-11 at 10.27.56.pngScreenshot 2024-04-11 at 10.27.46.png

5. Once you've downloaded the certificate, rename it to "root.pem" 

Device Configuration

1. Open the Teltonika configurator.

2. Select your device model from the list.

3. Go to the Security tab and upload the "root.pem" file into the device. 

1.png

4. On the server settings under the GPRS tab, ensure the settings are configured as they appear below:

Domain: Your GpsGate server

Port: 12052

Protocol: TCP

TLS Encryption: TLS/DTLS

2.png

GpsGate System Configuration

1. Login to GpsGate as the Site Admin user. Go to Site Admin -> Account -> Settings

Screenshot 2024-04-11 at 10.40.16.png

2. Ensure the hostname is the same as the domain name you are using. 

Screenshot 2024-04-11 at 10.41.15.png

3. Make sure you enable port 12052 on both the Windows Firewall and the Network Router. You can use the listener to trigger the activation of the Windows Firewall. Keep in mind that the listener test on port 12052 might fail on the network side due to the SSL connection. If the port has been opened on the network, ignore this warning.

Screenshot 2024-04-11 at 11.04.26.png

Now your Teltonika devices are reporting to GpsGate through TLS connection. 

Screenshot 2024-04-12 at 10.27.24.png