MyQ runs with secure communication (SSL) by default, but also offers three different certificate authority modes, that can be modified in MyQ, Settings, Network.
Toshiba devices require an SSL certificate for the specific Fully Qualified Domain Name (FQDN). Wildcards or Subject Alternative Name (SAN) cannot be used.
If the certificate is invalid, events, e.g. card reading or job notifications, will not work.
The error log can be viewed in the Toshiba Web UI, in Logs > View Logs > Message Log:
Error: Failed to establish the TLS session (unknown CA)
Built-in Certificate Authority
When using this mode (default), it is required to Generate new CA certificate after the configuration of the server hostname to FQDN on the MyQ web administrator interface, in Settings, Network, Communication Security.
Install the generated ca-myq.crt certificate from C:\ProgramData\MyQ\Cert to Trusted Root Certification Authorities on the server.
Upload the generated ca-myq.crt certificate from C:\ProgramData\MyQ\Cert on the Toshiba device Web UI, in Administration > Security > Certificate Management as CA Certificate (PEM).
Using custom certificates
In case a custom SSL certificate is uploaded in MyQ, the certificate should also be installed in device web UI and in the Trusted Root Certification Authorities on the server.
In cases that the Request host is not allowed warning message is displayed after a user logs in to the terminal, or the Access denied error message is displayed after a user is trying to use panel operations (Panel Copy or Panel Scan), an invalid certificate is used (a valid certificate has to be created for the specific FQDN).
For correct use of the certificates, the reversal DNS lookup has to be enabled on the server.
Reversal DNS lookup has to be enabled also for the cluster server address in cases that the MS Cluster high-availability solution is used.
Enable unsecure communication
If SSL communication is not required, you can enable unsecure communication (not recommended) in MyQ Easy Config. Go to the Settings tab, under Web Server, enable Allow unsecure communication, and click Save.