MyQ runs with secure communication (SSL) by default, but also offers three different certificate authority modes, that can be modified in MyQ, Settings, Network.

Toshiba devices require an SSL certificate for the specific Fully Qualified Domain Name (FQDN). Wildcards or Subject Alternative Name (SAN) cannot be used.

If the certificate is invalid, events, e.g. card reading or job notifications, will not work.

The error log can be viewed in the Toshiba Web UI, in Logs > View Logs > Message Log:

Error: Failed to establish the TLS session (unknown CA)

Built-in Certificate Authority

When using this mode (default), it is required to Generate new CA certificate after the configuration of the server hostname to FQDN on the MyQ web administrator interface, in Settings, Network, Communication Security.

MyQ web UI - communication security

Install the generated ca-myq.crt certificate from C:\ProgramData\MyQ\Cert to Trusted Root Certification Authorities on the server.

Upload the generated ca-myq.crt certificate from C:\ProgramData\MyQ\Cert on the Toshiba device Web UI, in Administration > Security > Certificate Management as CA Certificate (PEM).

Installing the certificate on the device web UI

Using custom certificates

In case a custom SSL certificate is uploaded in MyQ, the certificate should also be installed in device web UI and in the Trusted Root Certification Authorities on the server.

Troubleshooting

In cases that the Request host is not allowed warning message is displayed after a user logs in to the terminal, or the Access denied error message is displayed after a user is trying to use panel operations (Panel Copy or Panel Scan), an invalid certificate is used (a valid certificate has to be created for the specific FQDN).

Request host is not allowed error on the terminalAccess Denied error on the terminal

Enable unsecure communication

If SSL communication is not required, you can enable unsecure communication (not recommended) in MyQ Easy Config. Go to the Settings tab, under Web Server, enable Allow unsecure communication, and click Save.

MyQ Easy Config - Allow unsecure communication