Coffee Hill

BACnet/SC Hub onboarding — for installers configuring field controllers

Hub hostname

hill.sc-hub.infin.cx

BACnet/SC URL

wss://hill.sc-hub.infin.cx:443/

Organization

Coffee Hill

1. Download & trust the organization root CA

Every device that connects to this hub must trust your organization's private root certificate. Download it and install it in the controller's trust store before commissioning.

Download root CA (PEM)

Revocation list (CRL): /api/bacnet-crl/4f908ed5-797e-4568-b740-b23a64de2217

2. Issue a device operational certificate

No onboarding token detected. Ask your IT administrator to generate an onboarding link from the infinCX admin panel (BACnet → Hub → Generate Onboarding Link) and share it with you. Open that URL on this device to proceed.

Alternatively, issue certificates manually from the infinCX GUI:

Open the BACnet Certificates panel in the infinCX GUI.
Click Issue Operational Certificate (or paste the device CSR).
Download the resulting bundle (cert, chain, optional key).
Load the cert + chain + private key into the controller's BACnet/SC config.

3. Configure the controller

Use these values in the BACnet/SC configuration of each controller:

Primary Hub URI : wss://hill.sc-hub.infin.cx:443/
Failover URI    : (leave blank or set to a redundant hub)
Trust Anchor    : (the root CA PEM you downloaded above)
Operational Cert: (the device cert from step 2)

4. Verify the connection

Once the controller is committed, this hub's status endpoint will show it as connected:

curl https://hill.sc-hub.infin.cx/status

Troubleshooting

TLS handshake failure — controller doesn't trust the root CA. Re-install the trust anchor.
Certificate revoked — re-issue from the BACnet Certificates panel.
Connection refused — confirm the controller can reach hill.sc-hub.infin.cx:443 (TCP) outbound.

This page is served by the hub itself over a Let's Encrypt-issued public certificate. Device traffic uses your organization's private CA on port 443 (mTLS, end-to-end).