shift4 command center reference guide · profile – the name of a profile that may have been...

Join us for treats Thursday, Month Day, at 3:00 p.m. in the kitchen.

Reference Guide

Copyright © 2020 Shift4 Payments, LLC. All rights reserved.

Shift4 Command Center ™

Shift4 Command Center Reference Guide

© 2020 Shift4 Payments, LLC. All rights reserved. Version 2.5 External Use NDA of 88

Copyright Notice

Shift4 Payments 1491 Center Crossing Road Las Vegas, NV 89144 702.597.2480

www.shift4.com [email protected]

Document Title: Shift4 Command Center Reference Guide

Publication Date: January 14, 2020

Copyright © 2020 Shift4 Payments. All rights reserved worldwide.

*Universal Transaction Gateway® (UTG)®, Lighthouse Transaction Manager, 4Go®, i4Go®, and 4Word® are covered by one or more of the following U.S. Pat. Nos.: 7770789; 7841523; 7891563; 8328095; 8688589; 8690056; 9082120; 9256874; 9495680.

All trademarks, service marks, product names, and logos are the property of their respective owners. Shift4 Payments may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. The furnishing of this document does not give any license to these patents, trademarks, copyrights, or other intellectual property except as expressly provided in any written license agreement from Shift4 Payments. All graphics are property of Shift4 Payments.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without prior written permission of Shift4 Payments. The contents of this publication are the property of Shift4 Payments. Shift4 Payments reserves the right to revise this document and to periodically make changes to the content thereof without any obligation or notification to any organization of such revisions or changes unless required to do so by prior written agreement.

Notice of Confidentiality

This document contains information that is proprietary to Shift4 Payments. It carries the Shift4 classification “External Use NDA.” It is provided for the sole purpose of specifying instructions for Shift4 Payments products. The recipient agrees to maintain this information in confidence and not reproduce or otherwise disclose this information. Please refer to the signed Bilateral Non-Disclosure and Confidentiality Agreement for additional agreements and expectations.

Notice to Governmental End Users

If any Shift4 product is acquired under the terms of a Department of Defense contract: use, duplication, or disclosure by the US Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of 252.227.7013. Civilian agency contract: use, reproduction, or disclosure is subject to 52.227-19 (a) through (d) and restrictions set forth in the accompanying end user agreement. Unpublished rights reserved under the copyright laws of the United States.



Shift4 Command Center Reference Guide This guide corresponds to the 1.0.290 release of Shift4 Command Center™. Shift4 Command Center can be accessed by signing in to https://in4m.4tresspos.com (or https://in4m.shift4test.com for CE) as a user with Shift4 Command Center permissions or by selecting Shift4 Command Center from the grid menu when signed in to 4tress®. The option is only displayed when the appropriate roles and/or groups are assigned to a user’s account. Shift4 Command Center is a tool to view all services for all accounts. Shift4 Command Center also provides a web-based means of installing a Universal Transaction Gateway® (UTG®), and making changes to the status and/or configuration of one or more UTGs displayed in Shift4 Command Center. Tasks can be scheduled in Shift4 Command Center to be initiated on weekends or off hours as needed, and results can be monitored. Shift4 Command Center uses an agent application that is installed on the same machine as the UTG. The agent retrieves the tasks from the Shift4 Command Center services and communicates them to the UTG. The agent also monitors the results and sends them to Shift4 Command Center. A very basic flow looks something like this.

https://in4m.4tresspos.com/

https://in4m.shift4test.com/



To view the Shift4 Command Center website, navigate to https://in4m.4tresspos.com and sign in as a as a user with Shift4 Command Center permissions.

Note: Depending on your Shift4 Command Center role and permissions, some features described in this document may not be available.

Exploring the Shift4 Command Center Menu Options

Dashboard The default Dashboard view provides a one page snapshot of recent installations, as well as quick access to frequently used tasks. The page contains two sections:

I Want to…

• Install and Connect a New UTG – Opens a window to create a package that can be downloaded on a machine to install an agent and a new UTG, and connect the UTG to Shift4 Command Center.

• Connect a UTG – Opens a window to create a package that can be installed on a machine to install an agent, which facilitates the connection between Shift4 Command Center and an existing UTG.

• View My Installations – Opens the Installations page and displays a complete list of installations for the account selected.

• Schedule a Task – Opens the Services page where you can select one or more components and schedule a task by clicking on any gear icon that corresponds to a selected component.

• View My UTGs – Opens the Services page to display a list of components (currently UTGs) and schedule a task if desired.




Recent Installations

This section displays a list of the most recent installations with the following information:

• Installation Name – The name given to the machine when the installation package was created. This should be a unique name so you can easily locate the machine for updates and configuration changes. This name can be edited later if needed.

• Install Type – Currently, this is only for connecting an existing UTG to Shift4 Command Center. • Parent Account – The account under which the machine connection was made. • Creation Date – The date and time the installation package was created.

The column in focus will display a caret to the right that provides sorting alphabetically or by date. Select any column heading to display the sorting option.

Viewing Machines From the top menu, select Machines to view a list of all machines for the selected account that have a service installed, such as a UTG. Use the records per page option to display 10, 25, or 50 records per page.

The Machines section contains the following columns:

• Machine Nickname –This name defaults to the installation name you entered when you were creating the installation package and can be edited. Clicking the machine nickname will open two sections:

o The Manage [Machine Nickname] section is where a task can be scheduled and the following information is displayed:

Machine Name – This is the machine name that was automatically assigned during the connection and cannot be edited.

Machine Nickname – This name defaults to the installation name your entered when you were creating the installation package and can be edited.

Machine DNS Name – The Domain Name Server’s name that translates into the machine’s IP address.

Parent Account – The parent account the UTG is under. Status – See Service Status in the Viewing Services section for a complete list of possible

statuses. Agent Version – The version of Shift4 Agent that is currently operating on this machine.



Operating System – The operating system running on the machine, such as Microsoft Windows version and service pack.

Last Known Communication – The date and time of the last instance of communication between Shift4 Command Center and the UTG.

Next Predicted Communication – When Shift4 Command Center expects to communicate with the UTG next. This is used to indicate a communication issue with the UTG.

Available Memory – The RAM memory available for the machine. CPU Usage –The CPU usage of the entire machine, including the UTG. .NET Version – The .NET version of the machine on which Shift4 Command Center is

connected. Machine Uptime – How long the machine has been running in days, hours, minutes, and

seconds.

o The Components section with the following columns:

Component Nickname – The nickname of the component. The default is the IP address of the component, but can be edited under Services. Clicking next to a component displays the option to schedule a task. See the Scheduling a Task section for complete details on scheduling tasks.

Service Type – The type of service, currently UTG only. Service Status – The status of the service. See Service Status in the Viewing Services section

for a complete list of possible statuses. Last Known Communication – The date and time of the last communication between the

agent and AWS. Next Predicted Communication – This time is set when a communication between the agent

and AWS is made. If the next communication does not occur by this set time, the Failed to check in message is displayed.

Scheduled Tasks – The number of tasks scheduled for the UTG. SW Version – The software version for the UTG. Configuration Status – The current configuration status of the machine in Shift4 Command

Center. See Configuration Status in the Viewing Services section for a full list of possible statuses.

Profile – The name of a profile that may have been assigned to the UTG. Parent Account – The parent account the UTG is under.

● Machine DNS Name – The DNS name that translates into the machine’s IP address. ● Parent Account – The parent account the UTG is under. ● Agent Version – The version of Shift4 Agent that is currently operating on this machine. ● Status – See Service Status in the Viewing Services section for a complete list of possible statuses. ● Operating System – The operating system running on the machine, such as Microsoft Windows version

and service pack.

● Last Known Communication – The date and time of the last instance of communication between Shift4 Command Center and the UTG.

● Next Predicted Communication – When Shift4 Command Center expects to communicate with the UTG next. This is used to indicate a communication issue with the UTG.

● Available Memory – The RAM memory available for the machine. ● CPU Usage – The current CPU usage the UTG is creating on the machine. ● Machine Uptime – How long the machine has been running in days, hours, minutes, and seconds.



The column in focus will display a caret to the right that provides sorting alphabetically or by date. Select any column heading to display the sorting option. This option is not available for the Available Memory column.

Viewing Services From the top menu, select Services. If the account you have selected has child accounts, a Show child items option can be selected at the bottom of the Accounts menu to display both the parent and child services. You can choose the number of records to be displayed on the page from the list. You can also click to select or clear what columns will be displayed on the page. The total number of services is displayed at the bottom.

Note: While we use the term service/component/machine throughout this document, only the UTG is currently being managed in Shift4 Command Center.

Each service is listed with the following columns:

• Component Nickname – The nickname of the component. This will default to the IP address of the component but can be edited.

o Clicking a component nickname will display the component’s details and is where the Component Nickname/IP field can be edited. In addition, tasks can be scheduled.

Important: It is important to name your machine in a way that will be easy to identify when setting configurations (for example, WestCafe101). This will make it easier to assign a saved configuration to the right revenue center.



o Clicking next to a component displays the option to schedule a task or apply a profile. See the Scheduling a Task section for complete details on scheduling tasks or the Applying a Profile section for details on applying profiles.

• Service Type – The type of service installed on this machine. Currently, this will be UTG. • Service Status – The current status of the service, which will be one of the following:

o Running – The operating system is reporting that the service is running. o Online – The UTG is running and it is online. This is specific to the UTG and indicates the UTG is

communicating with the Shift4 Payments data center (online). o Offline – The UTG is running but it is in offline mode. The UTG is not communicating with the Shift4

Payments data center (offline). o Stopped – The UTG or service is stopped. o Failed – The agent tried but could not communicate with the UTG or service. o Failed to check in – The agent didn’t post status to AWS. o Unknown – This is the default status before communication with the UTG or service to determine the

current status..exe

• Merchant Description – The Merchant that will be using the service. • Location – The location where the service will be used. • Lane – The lane field lets the user know what lane will be using the service. • File ID / MID – A numeric value no longer than ten digits. • Last Known Communication – The date and time of the last instance of communication between Shift4

Command Center and the UTG. • Next Predicted Communication – When Shift4 Command Center expects to communicate with the UTG

next. This is used to indicate a communication issue with the UTG. • Scheduled Tasks – The number of tasks scheduled for the UTG. • Agent Version – The version of Shift4 Agent that is currently operating on this machine. • UTG Version – The version of UTG that is currently operating on this machine. • Configuration Status – Configuration Status provides a UTG configuration version comparison between

Shift4 Command Center and the local instance of the UTG. This provides a means of determining potential conflicts. To the right of the configuration status, a corresponding icon provides a quick visual status of multiple UTGs. Configuration states include the following:

o Up to date – Both the UTG and Shift4 Command Center have the same configuration version and no changes have been detected.

o Locally modified – The UTG configuration has been modified on the local machine. o Locally newer –This indicates there was an error when trying to retrieve the configuration of the local

UTG into Shift4 Command Center. Schedule a task to update Shift4 Command Center with UTG’s local configuration. If this problem persists contact the Shift4 Payments Customer Support team for assistance.

o Pending – A task has been scheduled but has not been completed. o Uncommitted Changes – This indicates the Shift4 Command Center configuration has been modified,

but the configuration changes have not been sent to the UTG.

• Parent Account – The parent account the UTG is under. • Profile – Displays the profile that has been assigned to this component. No Profile will be displayed if

either of the following is true:

o If no profile has been assigned. o If a profile was assigned, but a change was made to the UTG configuration.



• Profile Version – The version of the profile when it was applied to the component. This version will stay the same until a profile with a different version is applied.

The column in focus will display a caret to the right that provides sorting alphabetically or by date. Select any column heading to display the sorting option. The sorting option is not available for the Configuration Status column.

Note: Clicking a Component Nickname will open a page with additional menu selections for configuring a UTG. Configuring a UTG in Shift4 Command Center is discussed in detail in the Configuring a Connected UTG section.

Viewing Installations From the top menu, select Installations to view a list of all installations for the selected account. You can use the records per page option to display 10, 25, or 50 records per page. The Installations section contains the following columns:

• Installation Name – The name or IP address of an installation registered for Shift4 Command Center. Clicking next to an installation will display the following options:

o View Install – Opens a window with the installation details and installation manifest. o Deactivate Install – This deletes the installation package. All packages that have been distributed will

be deactivated and no longer work. o Download – Allows the user to download the installation package. This feature might be used if a

download package was created but lost or accidentally deleted before it was installed.

• Install Type – Currently, this will only be Connect Existing UTG to Shift4 Command Center. • Verification ID – Identifies the installation and its configuration settings. • Parent Account – The account for the machine on which the service was installed. • Creation Date – The date and time the installation package was created.



The column in focus will display a caret to the right that provides sorting alphabetically or by date. Select any column heading to display the sorting option.

Viewing Profiles From the top menu, select Profiles to view a list of all profiles for the selected account and any parent accounts. The Profiles section contains the following columns:

• Profile Name – The name entered for the profile during creation or editing.

o Clicking a Profile Name will display the configuration settings. o Clicking provides the option to delete the profile.

• Parent Account – The parent account under which the profile was created. • Profile Version – The current version of the profile. When a profile is created, it has a version of 1. If

changes are made to the profile before it is applied to a component, it will remain at version 1. If modifications are made to the profile after it has been applied to a component, it will increment by one to the next version.

• Creation Date – The original date on which the profile was created. • Last Updated – The last date on which the profile was edited.



Devices From the top menu, select Devices to view a list of all the devices you have set up in Command Center. The Devices section contains the following columns:

• Selection column – Selecting allows the user to select one or more devices for implementing tasks. • Task column – Clicking will display the following task options for scheduling.

o Push Forms – Allows forms to be pushed to one or more selected devices. If multiple devices are selected, the Device Type for all selected devices must be compatible and all devices must be connected to UTGs with version 3018 or higher.

o Update Firmware – Provides the ability to update device firmware for one or more selected devices. This task can only be performed on devices connected to a UTG with version 3018 or higher.

• Service Name – The name of the UTG to which the device is connected. • Machine Name – The name of the machine where the UTG is installed. • Device Firmware – The device firmware version last reported to Command Center. • Device Keys – The security keys for the device. • Device Serial – The device serial number. • Device Type – The device type, such as an iPP320 device. • Terminal ID – The terminal using the UTG. • PCI Version – The PCI compliance number.

Forms From the top menu, select Forms to view a list of uploaded forms. The form files on this page will be the ones displayed when the Push Forms task is selected under the Devices tab (depending on the device type). Forms can be uploaded, downloaded, and deleted from this page. Uploaded forms can be pushed to compatible devices. See the Scheduling a Task from the Devices Page section for more information.

The Forms page contains the following options and columns:

• - This is the icon you will click to upload a .TGZ form file to Command Center. • Name – The file name for the form file. • Device Type – The type of device to which the form can be pushed. • Upload Date – The date the form file was uploaded.



Note: While some forms can be used on multiple devices, the Device Type listed for a form name is the only device type that can be used with that file. The same form file can be uploaded again with another device type.



Scheduling a Task There are several ways to schedule a task for a service when you are signed in to Shift4 Command Center. If you are on the Dashboard page, simply click Schedule a Task under the I Want to… section. This will take you to the Services page where all components for the selected account will be displayed. See below for ways to schedule tasks.

Scheduling a Task from the Services Page To schedule a task for the listed component(s) on the Services page, complete the following steps:

1. In the Services section, select the component(s) for which the task will be scheduled.

2. Click to the left of a selected component nickname.

3. Click Schedule Task. (The Apply a Profile option is covered in the Applying a Profile section of this document.)

4. From the Schedule for list, pick one of the following:

• UTG • Agent

5. If you selected UTG, complete the following steps:

• From the Task list, select one of the following categories:

o Start/Stop

Start UTG – Starts the UTG as a service. Stop UTG – Stops the UTG whether running as a service or in Stand Alone. Restart UTG – Stops and then restarts the UTG

o Configuration Changes

Update UTG – Stops the UTG, updates the UTG to the current Command Center configuration, and then restarts the UTG as a service.

Rollback UTG – Stops the UTG, roll the configuration back to the previously installed configuration, and then restarts the UTG.



Update Command Center – Updates the Command Center to the UTG’s current configuration. You will only see this option if the UTG is not part of a profile.

o Deploy UTG Version

Allows the user to change the UTG to a different version or choose the General Availability (GA) Release, which is the latest release available to everyone with all the newest features.

o Miscellaneous

Reset UTG Slot – The slot is what ties the UTG to the machine. If the UTG is moved to another machine, or if the IP address changes, the slot must be reactivated.

• From the selected task category, select the desired task.

6. If you selected Agent, complete the following steps:

• From the Task list, select the following option:

o Change Agent Version

Allows the user to change the Agent to a different version or choose the General Availability (GA) Release, which is the latest release available to everyone with all the newest features.

o Select the desired task.

7. (If applicable) To run the task immediately, select Run Immediately and click Apply.

8. (If applicable) To schedule the task for a later time, complete the following steps:

• In the Date field, click and select the time and date at which the scheduled task should be attempted and click Apply.

• From the Time Zone list, select the desired time zone. • Click Apply.



• Your selected action will be applied to all selected components on the time and date you selected according to the time zone selected.

9. Click the Component Nickname to view the State column for the selected components to verify the state of the scheduled task.

Tip: You can also schedule a task by:

● Selecting Machines from the top menu. ● Click the desired Machine Nickname. ● In the Components section, click and Schedule Task.

Scheduling a Task from the Devices Page To schedule a task for the listed device(s) on the Devices page, complete the following steps:

1. In the Device Management section, select the device(s) for which the task will be scheduled.

2. Click to schedule one of the following tasks:

• Push Forms

o Select Push Forms to push forms to the selected device(s). If multiple devices are selected, the Device Type for all selected devices must be compatible and all devices must be connected to UTGs with version 3018 or higher.

o From the Push Forms window, select the form file you would like to push to the device(s). o (If applicable) To run the task immediately, select Run Immediately and click Apply. o (If applicable) To schedule the task for a later time, complete the following steps:


• From the Time Zone list, select the desired time zone. • Click Apply. Your selected action will be applied to all selected components on the time and date

you selected according to the time zone selected.

• Update Firmware

o Select Update Firmware to update the firmware on the selected device(s). This task can only be performed on devices connected to a UTG with version 3018 or higher.

o From the Update Firmware window, select the form file you would like to push to the device(s).

A firmware update will reset the device to the default Shift4 form(s). Selecting a form from the list will cause the form to automatically be pushed to the device when the firmware update has completed.

o (If applicable) To run the task immediately, select Run Immediately and click Apply. o (If applicable) To schedule the task for a later time, complete the following steps:


• From the Time Zone list, select the desired time zone.



• Click Apply. Your selected action will be applied to all selected components on the time and date you selected according to the time zone selected.

Scheduling a Task from the Forms Page The Forms page allows the user to upload forms that can be pushed to one or more devices as needed. The Form Manager section provides a means of deleting forms or downloading forms for editing. Edited forms would need to be uploaded after editing.

Uploading Forms to Command Center 1. Click to upload form files. The form files must have a .TGZ file extension. 2. In the Upload Form window, enter a Name for the file. 3. In the Device Type field, select the type of device the form will be used on. Remember, some forms are not

compatible with some devices. 4. Click Browse to locate and select the file. 5. Click Upload.

Downloading Forms 1. In the Form Manager section, Click for the desired form, and select Download. 2. Select the desired folder for download. 3. Click Save.

Deleting Forms 1. In the Form Manager section, Click for the desired form, and select Delete. 2. Click Yes.



Security and UTG To ensure the UTG is installed, configured, and operating in a secure manner and environment that is compliant with PCI DSS standards, you must read the following documents:

• UTG PA-DSS Implementation Guide • The latest version of the PCI DSS documentation at www.pcisecuritystandards.org

Warning! For security implementation and best practices, see the PA-DSS Implementation Guide.

Use of a Payment Application Data Security Standard (PA-DSS) compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment and according to the PA-DSS Implementation Guide provided by the payment application vendor. All applications that store, process, or transmit cardholder data are in scope for an entity’s PCI DSS assessment, including applications that have been validated to PA-DSS. The PCI DSS assessment should verify the PA-DSS validated payment application is properly configured and securely implemented per PCI DSS requirements and the vendor’s PA-DSS implementation guide. If the payment application has undergone any customization, a more in-depth review will be required during the PCI DSS assessment, as the application may no longer be representative of the version that was validated to PA-DSS.

The PA-DSS requirements are derived from the PCI DSS Requirements and Security Assessment Procedures (defined in this document). The PA-DSS details the requirements a payment application must meet in order to facilitate a customer’s PCI DSS compliance. As security threats are constantly evolving, applications that are no longer supported by the vendor (e.g., identified by the vendor as “end of life”) may not offer the same level of security as supported versions.

Windows Firewall Shift4 conforms to the strictest security requirements. For security reasons, both the UTG and the UTG Stub must be installed on a machine behind a firewall. However, because a firewall restricts communication between your computer and the Internet, it is necessary to adjust the settings for the UTG or the UTG Stub so it can communicate through the Windows firewall. Listing the UTG or the UTG Stub as an exception will accomplish the task. If the UTG or the UTG Stub (if you are using UTG Stub) is not listed, you will need to add them to the exception list.

http://www.pcisecuritystandards.org/



Supported Windows Operating Systems

Note: UTG will work in a 64-bit or 32-bit environment. UTG can also operate in a virtualized environment.

• Microsoft® Windows 10 • Microsoft® Windows 2016 Server • Microsoft® Windows 2012 Server • Microsoft® Windows 8 • Microsoft® Windows 2008 Server • Microsoft® Windows 7 • Microsoft® Windows Vista

WARNING! Unless used with True P2PE™, installing the UTG on a non-supported operating system is a violation of PCI DSS Requirement 6.2 and may also render your systems more vulnerable to a security breach.

Tip: To stay fully compliant with security standards, as well as ensure machine stability while running the UTG, make sure you keep the machine up to date with the latest Windows updates.

Internet Connectivity Requirements For security reasons, an internal static IP address is required on every machine with the UTG installed. In addition, because of Card Association Security Requirements, the UTG must be installed on a machine that is protected behind a firewall. It is the merchant’s responsibility to configure static IP addresses or networks.

Note: If you are in a DHCP environment, you can reserve an IP address to make it appear static.

Connecting to Shift4’s data center requires outbound connections to TCP/IP ports 26880 and 26881. Configure the firewall for a pool of established, resultant, server, or ephemeral traffic across these ports to successfully connect. The exact name for the ephemeral type of resultant connection depends on the firewall’s naming conventions. Specifically defined inbound connectivity policies are not required.



Warning! If you have multiple Internet connections, you need to have a way to switch between connections. UTG does not automatically switch to an alternate Internet connection.

Warning! When the term SSL is used throughout this document, it should be interpreted as the newest version of TLS. In accordance with the PCI Data Security Standard, all versions of SSL and TLSv1.0 are no longer considered “strong encryption” and should never be used for non-console access to card data environments through public networks or to transport card data over public networks. Shift4 offers the option to use SSL and TLSv1.0 due to system incompatibility issues with legacy PMS/POS systems, but it should only be considered a temporary fix. If SSL or TLSv1.0 must be used, it should only be used inside protected, non-public networks. For more information see: https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf

Command Center Communication Command Center is hosted in the Shift4 data centers (listed in the IP Address Ranges section) as well as Amazon AWS (S3 and API Gateway).

The remote agent that is installed on the same machine as the UTG needs outbound access to the following URLs using port 443 (HTTPS):

https://myportal.shift4.com/ https://in4mapi.4tresspos.com

o Hosted in the Shift4 data center.

https://s4-myportal.s3.amazonaws.com/

o Hosted on AWS S3.

https://wwimdmwghg.execute-api.us-west-2.amazonaws.com/s4

o Hosted on AWS API Gateway. o The IP address range can unexpectedly change since it goes through CloudFront. (Please see

https://ip-ranges.amazonaws.com/ip-ranges.json if needed.) o If FQDN is not possible, then an ANY is needed for the agent.exe to reach out.

https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf


https://ip-ranges.amazonaws.com/ip-ranges.json



.NET Framework Requirements For Command Center UTG installations, the .NET framework version on the target machine must be 4.7.2 or higher.

Connecting an Existing UTG to Shift4 Command Center This section provides basic instructions for connecting an existing UTG to Shift4 Command Center. If you have any questions concerning the process, contact the Shift4 Payments Customer Support team at 702.597.2480, option 2.

Before you can configure or modify a UTG in Shift4 Command Center, you must connect the UTG to Shift4 Command Center.

Important: Command Center can only be used with UTG version 5.0.0.3011 or higher.

Requirement: To perform the tasks in the Connecting an Existing UTG to Shift4 Command Center section, you must have the required permissions. Roles with the necessary permissions include the following:

• Shift4 Command Center Certified Installer

To connect an existing UTG to Shift4 Command Center, complete the following steps:

1. Verify that UTG 5.0.0.3011 or higher is installed on the local machine and is running.

2. Navigate to https://in4m.4tresspos.com and sign in as a user with Shift4 Command Center permissions.

3. Under the Accounts menu, select the desired account.

Important: The account selected will be the account under which the installation package exists. When UTGs are installed and connected, they will also be under this account.




4. Select Dashboard if not already selected.

5. In the I Want To… section, click Connect a UTG.

6. In the Connect a UTG to Shift4 Command Center window, complete the following steps:

• In the Installation Name field, enter a name for the machine the UTG is currently installed on. • In the Agent Install Location field, enter the desired file location where the Shift4 Command Center agent

will be installed to. • In the UTG Location field, enter the desired file location on the machine the UTG is installed at or leave

the default location. • In the Install Period field, select or enter the date range for which the installation package will be active.

After the date range selected, the package cannot be used to make a connection. The maximum period that an install package will stay active for is 365 days. Write down the end date for reference, since after this date the installation package will no longer be valid..

• Click Create Install Package.



7. Write down the Verification ID, as you will need it during the installation process. If you forget to write down the Verification ID, it will be displayed in Shift4 Command Center once the installation package has been created.

8. In the Install Package Generated window, choose one of the following options:

• If this is also the machine the UTG is running on, click Download Package to download the package on this machine.

• If this is not the machine the UTG will be running on, copy the URL and send it to a remote location for download and connection on the remote machine where the UTG is running.

9. Run the downloaded package as a user with local admin rights on the target machine where the UTG is running.

10. On the Welcome window, enter your Verification ID and click Verify. If you have access to Shift4 Command Center, you can also find the Verification ID under Installations. If you do not have access to Shift4 Command Center, you will need to contact your Shift4 Command Center administrator.

11. On the Confirm Account window, verify your Account and Profile name and click Confirm.

12. On the Enter Attributes window, enter the following:

• (Optional) File ID / MID – Enter a numeric value no longer than ten digits. • (Required) Merchant Description – Enter the name of the merchant that will be using the service. • (Required) Location – Enter the location where the service will be used. • (Optional) Lane/Register – Enter the lane that will be using the service. • Click Next.

13. The Shift4 Command Center Agent will be installed as a service under the Local System account. This should be changed in Windows services to run the Shift4 Command Center Agent and the UTG under an account that is securely locked down. To change from the Local System account to a more secure account, complete the following steps:



• The locked down account for the Shift4 Command Center Agent will need permission to start and stop the UTG. When the installation package is complete, you should see the Machine Nickname (after selecting Machines from top menu) and you should see UTG as the Service Type (after selecting Services from the top menu).

• If you have not completed the connection steps listed above, even if you have previously installed and configured a UTG on a local machine, it will not be visible in Shift4 Command Center.

14. If the download package was created, downloaded, and run, but an error message was displayed, see Dealing with Installation Errors in the Troubleshooting section.

Important: Additional information, such as IP addresses and port numbers may be needed as defined in the various sections of this document. The information needed will vary depending on the type of interface, devices, and features you choose to configure.

Installing and Connecting a New UTG to Shift4 Command Center This section provides basic instructions for installing a new UTG and connecting it to Shift4 Command Center. If you have any questions concerning the process, contact the Shift4 Payments Customer Support team at 702.597.2480, option 2.

Important: Command Center can only be used with UTG version 5.0.0.3011 or higher.

Requirement: To perform the tasks in this section, you must have the required permissions. Roles with the necessary permissions include the following:

• Shift4 Command Center Certified Installer

To install and connect a new UTG to Shift4 Command Center, complete the following steps:

1. Verify that the version of UTG you are installing is 5.0.0.3011 or higher.






Important: The account selected will be the account under which the installation package exists. When UTGs are installed and connected, they will also be under this account.

4. Select Dashboard if it is not already selected.

5. In the I Want to… section, click Install and Connect a New UTG.

6. In the Install and Connect a New UTG window, complete the following steps:

• In the Installation Name field, enter a name for the machine that will be associated with the installation package.

• In the Agent Install Location field, enter the desired file location where the Shift4 Command Center agent will be installed to, or leave the default location.

• In the UTG Install Location field, enter the desired file location where the UTG will be installed to, or leave the default location.

• In the Install Period field, select or enter the date range for which the installation package will be active. The package can only be used within the selected date range. The maximum period that an install package will stay active for is 365 days. Write down the end date for reference, since after this date the installation package will no longer be valid.

• (If applicable) Select the desired configuration profile. If you have not already created a profile, please review the Using Profiles in Shift4 Command Center section. It is not recommended to create an installation package without an associated profile.



• Click Create Install Package.

7. Write down the Verification ID, as you will need it during the installation process. If you forget to write down the Verification ID, it will be displayed in Shift4 Command Center once the installation package has been created.


• If the machine you are currently using is also the machine the UTG will be running on, click Download Package to download the package on this machine.



• If this is not the machine the UTG will be installed on, copy the URL and send it to a remote location for download, installation, and connection on the remote machine.

Running the installation To run the downloaded package, complete the following steps:

1. Run the downloaded package as a user with local admin rights on the target machine where the UTG will be running.

2. On the Welcome window, enter your Verification ID and click Verify. If you have access to Shift4 Command Center, you can also find the Verification ID under Installations. If you do not have access to Shift4 Command Center, you will need to contact your Shift4 Command Center administrator.

3. On the Confirm Account window, verify your Account and Profile name and click Confirm.

4. On the Enter Attributes window, enter the following:

• (Optional) File ID / MID – Enter a numeric value no longer than ten digits. • (Required) Merchant Description – Enter the name of the merchant that will be using the service. • (Required) Location – Enter the location where the service will be used. • (Optional) Lane/Register – Enter the lane that will be using the service.

5. Click Next.

6. If a profile with devices was selected for the installation package, you will be prompted to enter the following information on the Enter Device Details window.

• Enter the Source Serial number – The serial number under which the device will be processing transactions. You will only need to enter the source serial once during installation and it will be applied to all the configured devices for the profile.

• Enter the Device Name – This must be a unique name that will identify the device. • Enter the API TID – When signed in as the Account Administrator, this number can be found in Lighthouse

Transaction Manager under Settings > EMV Devices. You will be prompted to enter the API TID for each device that has been configured for the profile.



• Select a COM Port – Plug the device into your machine and use Windows device manager to view the COM port Windows assigns to the device, then select that COM port. You will be prompted to enter the COM port for each device that has been configured for the profile.

o If you are only configuring one USB connected device for this UTG, you can select Auto from the Port list. If Auto is selected, the UTG will automatically search for the COM port assigned to the device. This makes finding and selecting the Windows assigned COM port unnecessary. The auto setting cannot be used for multiple devices on the same UTG or for serial connected devices. If you decide later to add more devices to the UTG, you will need to edit the original device configuration and select the actual COM port to which it is connected.

Important: If you are using Ingenico devices with Windows 7, the Ingenico device driver must be version 3.14 or later in order to use the Auto setting.

7. Click Next.

8. On the Thank You window, click Done.

Note: The installation should generally take less than 2 minutes. If the profile was sufficiently defined and if the prompted values are entered correctly then the UTG should be ready to process transactions at this point. The devices may need to download their settings which may take some extra time but should happen automatically.

Important: The UTG will be started as a service. To run the UTG in Stand Alone, you will need to schedule a task in Shift4 Command Center to stop the UTG and follow with a task to start the UTG in Stand Alone, or manually stop the UTG on the local machine and start in Stand Alone.

9. The Shift4 Command Center Agent will be installed as a service under the Local System account. This should be changed in Windows services to run the Shift4 Command Center Agent and the UTG under an account that is securely locked down. To change from the Local System account to a more secure account, complete the following steps:

• The locked down account for the Shift4 Command Center Agent will need permission to start and stop the UTG. When the installation package is complete, you should see the Machine Nickname (after selecting Machines from top menu) and you should see UTG as the Service Type (after selecting Services from the top menu).

• If you have not completed the connection steps listed above, even if you have previously installed and configured a UTG on a local machine, it will not be visible in Shift4 Command Center.



10. When the installation package is complete, you should see the Machine Nickname in Shift4 Command Center (after selecting Machines from top menu). You should also see the new UTG as the Service Type (after selecting Services from the top menu). If you would like to change the default settings for the UTG you just installed, see the Configuring a Connected UTG section of this document.

11. If the download package was created, downloaded, and run, but an error message was displayed, see Dealing with Installation Errors in the Troubleshooting section.

Important: Additional information, such as IP addresses and port numbers may be needed as defined in the various sections of this document. The information needed will vary depending on the type of interface, devices, and features you choose to configure.

Using Profiles in Shift4 Command Center Profiles provide a means of configuring a group of UTGs. If you have a number of UTGs within your organization that will be using the same configuration settings, you can create a single profile and then apply it to all of your UTGs. Once created, the profile is always available for future use. You can also edit the profile and use it to update selected UTGs configurations.

Unique Fields Some configuration settings need to be unique for specific UTGs. Those settings will not be overwritten by pushing an updated Profile to an existing UTG.

Device settings

• Device Name (Will be applied if the device does not currently exist) • Source Serial (Must be supplied during or after the installation) • API TID (Must be supplied during or after the installation) • All settings in the Connection Section (If RS232 is selected, this will be applied if the device does not

currently exist)

API Interface Settings

• Clients (Must be supplied after the installation) • Host Address (Will be applied if the interface does not currently exist) • Port (This will be applied if the interface does not currently exist. The default will always be 16448.) • Encryption Passphrase (Must be supplied after the installation)



SSL Certificate (If using a certificate that is not generated by the UTG) Express Settings

The settings in the Identity section are only applied when installing a new UTG. If a profile is applied to a UTG that has already been connected and configured, the configured settings in the Identity section will not be overwritten.

Creating a New Profile

Requirement: To perform the tasks in the Creating a New Profile section, you must have the required permissions. Roles with the necessary permissions include the following:

• Shift4 Command Center Administrator • Shift4 Command Center Profile Management • Shift4 Command Center Certified Installer

To create a new profile in Shift4 Command Center, complete the following steps:


2. Under the Accounts menu, select the account for which the profile will be available.

3. Select Profiles.

4. Click on the right side of the Profiles section.

5. In the Profile Name field, enter a profile name that will be associated with a specific UTG configuration.

6. In the Select Template section, select one of the following:

• Default – Select Default to create a completely new profile. • Clone from Existing Profile – If you have an existing profile that is close to the profile you want to create,

select Clone from Existing Profile. You can edit the profile to the settings you want (see the Editing a Profile section).

o From the Select a Profile list, select the desired profile.




7. Click Add.

8. Depending on whether you selected Default or Clone from Existing Profile, the new profile will be displayed with default or the cloned profile values. The following fields are unique to profiles:

• Profile Name – The name entered when the profile was created, unless edited. • Parent Account – The account under which the profile was created.

Note: Profiles can be used within that parent account as well as any child accounts.



• Profile Version – The current version of the profile. When a profile is created, it has a version of 1. If changes are made to the profile before it is applied to a component, it will remain at version 1. If modifications are made to the profile after it has been applied to a component, it will increment by one to the next version.

9. For information on editing the other values for the profile, see the Configuring a Connected UTG section. If you are using a Micros POS/PMS, you will also need to see Appendix A: Using Micros Bridge. There are some fields that are displayed or behave differently in Profiles, and they are listed below:

• In API Interfaces, the IP Handling options are displayed as radio buttons with the option of using the Machine IP address or the Loopback Address option.

• In API Interfaces, the SSL Certificate options are displayed as radio buttons with the option of using a UTG generated certificate or supplying a certificate after installation.

• In Express, the IP Handling options are displayed as radio buttons with the option of using the Machine IP address or the Loopback Address option.

• In Devices, under Connection, only the RS232 connection type is supported in Device Mode. To use either the TCP/IP or UTG Stub device mode, the necessary connection information must be supplied after installing each UTG.

• In Devices, API Terminal ID and Source Serial Number for the device are not in profiles. They must be set after applying a profile.

Applying a Profile Once a profile has been created, it can be applied to a single UTG or multiple UTGs. This is especially helpful when a large number of UTGs will be using the same configuration settings. Profiles can be applied to UTGs in two ways:

• Add a profile to an installation package • Apply a profile to an existing UTG(s)



Requirement: To perform the tasks in the Applying a Profile section, you must have the required permissions. Roles with the necessary permissions include the following:


Adding a Profile to an Installation Package If you are installing and connecting a new UTG to an account that has profiles configured for it, you can add a profile while creating the installation package. The new UTG will be installed, connected, and configured with the selected profile settings.

Requirement: To perform the tasks in the Applying a Profile to an Installation Package section, you must have the required permissions. Roles with the necessary permissions include the following:


To add a profile to an installation package, complete the following steps:



3. Select Dashboard if it is not already selected.

4. In the I Want to… section, click Install and Connect a New UTG.

5. In the Installation Name field, enter a name for the machine that will be associated with the installation package.

6. In the Agent Install Location field, enter the desired file location where the Shift4 Command Center agent will be installed to, or leave the default location.

7. In the UTG Install Location field, enter the desired file location where the UTG will be installed to, or leave the default location.

8. In the Install Period field, select or enter the date range for which the installation package will be active. The package can only be used within the selected date range. The maximum period that an install package will stay active for is 365 days. Write down the end date for reference, since after this date the installation package will no longer be valid.

9. (If applicable) From the Profile list, select a UTG configuration profile that will be applied to the UTG when installed.




10. Click Create Install Package.


o If the machine you are currently using is also the machine the UTG will be running on, click Download Package to download the installation package on this machine.

o If this is not the machine the UTG will be installed on, copy the URL and send it to a remote location for download, installation, and connection on the remote machine.

12. Run the downloaded package as a user with local admin rights on the target machine where the UTG will be running.



Applying a Profile to Existing UTGs

Requirement: To perform the tasks in the Applying a Profile to Existing UTGs section, you must have the required permissions. Roles with the necessary permissions include the following:

● Shift4 Command Center Administrator ● Shift4 Command Center Profile Management ● Shift4 Command Center Certified Installer ● Shift4 Command Center Edit Configurations ● Shift4 Command Center Tasks and Configurations

To apply a profile to an existing UTG, complete the following steps:



3. From the top menu, select Services. (If you are on the Dashboard page, you can also click View My UTGs in the I Want to… section.)

Tip: If you are only adding a profile to one machine, you can select Machines from the top menu, click the Machine Nickname, select the component, click , and choose Apply a Profile.

4. Select the components to which you want to apply the profile.

5. Click and then click Apply a Profile.




6. From the Profile list, select the desired profile and click Apply.

7. Schedule a task to Update UTG(s) with the latest configuration. See the Scheduling a Task section for details.

Editing a Profile Profiles can be edited as needed. This is especially useful when the same updates need to be applied to a number of UTGs. Editing a profile and then applying the updated profile to a group of UTGs saves time and helps ensure all UTGs have the same configuration settings. Editing an existing profile does not automatically change the configuration settings of UTGs to which the profile has previously been applied. To initiate the changes, the edited profile must be applied to the desired UTG(s) and a task must be scheduled to Update UTG(s) with the latest configuration. See the Applying a Profile section for details.

Requirement: To perform the tasks in the Editing a Profile section, you must have the required permissions. Roles with the necessary permissions include the following:

● Shift4 Command Center Administrator ● Shift4 Command Center Profile Management

To edit a profile, complete the following steps:


2. Under the Accounts menu, select the account under which the profile exists.

3. Select Profiles.

4. Under Profile Name, select the profile you want to edit.

5. Edit all desired configuration settings. Some settings are not editable.

6. Click Apply.




Deleting a Profile Profiles can be deleted if desired. Deleting a profile will remove it from the Profiles list. If a deleted profile was previously applied to a UTG, the configuration settings will remain the same and No Profile will be displayed in the Profile column.

Requirement: To perform the tasks in the Deleting a Profile section, you must have the required permissions. Roles with the necessary permissions include the following:

● Shift4 Command Center Administrator ● Shift4 Command Center Profile Management

To delete an existing profile, complete the following steps:



3. Select Profile.

4. Click next to the profile you want to delete.

5. Click Delete Profile.

6. Click Continue.

7. Enter the name of the profile you want to delete to confirm you are deleting the correct profile.

8. Click Delete.

Configuring a Connected UTG This section provides basic instructions for configuring a UTG. If you have any questions concerning the configuration process, contact the Shift4 Payments Customer Support team at 702.597.2480, option 2.

Once a UTG has been connected in Shift4 Command Center, you can view or edit the configuration as desired. Remember, if you change the UTG’s configuration in Shift4 Command Center, you will need to schedule a task to Update the UTG(s) to the latest configuration.

To view or edit the configuration of a UTG that has been connected to Shift4 Command Center, complete the following steps:



3. From the top menu, select Services. (If you are on the Dashboard page, you can also click View My UTGs in the I Want to… section.)

4. Click the Component Nickname of the UTG you want to view or edit.





Requirement: A UTG must be connected to Shift4 Command Center before it will appear and be configurable in Shift4 Command Center. See the Connecting an Existing UTG to Shift4 Command Center section for connection instructions.

Configuring the General Settings Select General if not already selected. The General tab will be displayed with the following fields:

• Component Nickname/IP – The nickname of the component. The default component nickname is the IP address of the component, but the nickname can be edited if desired.

• Service Type – The type of service installed on this machine. Currently, this will be UTG. • Service Status – The current status of the service, which will be one of the following:

o Running –The operating system is reporting that the service is running. o Online – The UTG is running and it is online. This is specific to the UTG and indicates the UTG is

communicating with the Shift4 Payments data center (online). o Offline – The UTG is running but it is in offline mode. The UTG is not communicating with the Shift4

Payments data center (offline). o Stopped – The UTG or service is stopped. o Failed – The agent tried but could not communicate with the UTG or service. o Failed to check in – The agent didn’t post status to AWS. o Unknown – This is the default status before communication with the UTG or service to determine the

current status.

• Merchant Description – The merchant that will be using the service. • Location – The location where the service will be used. • Lane – The lane field lets the user know what lane will be using the service. • File ID / MID – A numeric value no longer than ten digits. • Last Known Communication – The date and time of the last instance of communication between Shift4

Command Center and the UTG. • Next Predicted Communication – When Shift4 Command Center expects to communicate with the UTG

next. This is used to indicate a communication issue with the UTG. • Agent Version – The Agent version reported to Shift4 Command Center. • UTG Version – The UTG version reported to Shift4 Command Center. • Configuration Status – Indicates if the local UTG configuration and the Shift4 Command Center UTG

configuration are in sync or if one is newer than the other. This provides a means of determining potential conflicts. To the right of the configuration Status, a corresponding icon provides a quick visual status. Configuration states include the following:

o Up to date – Both the UTG and Shift4 Command Center have the same configuration version and no changes have been detected.

o Locally modified – The UTG configuration has been modified on the local machine. o Locally newer – This indicates there was an error when trying to retrieve the configuration of the

local UTG into Shift4 Command Center. Schedule a task to update Shift4 Command Center with the UTG’s local configuration. If this problem persists, contact the Shift4 Payments Customer Support team for assistance at 702.597.2480, option 2.



o Pending – A task has been scheduled.

• Parent Account – The account where the installation package was created. • Shift4 Command Center Listener IP – The IP address on which the Shift4 Command Center agent will

communicate to UTG. If blank, it is using the local loopback address. • Shift4 Command Center Listener Port – The port on which the Shift4 Command Center agent will

communicate with UTG.



Viewing Devices for a UTG In the Devices section, you can view a list of all the devices you have set up in Command Center for the selected UTG.

The Devices section contains the following columns:

• Device Name – The name of the device connected to the UTG. • Service Name – The name of the UTG. • Machine Name – The name of the machine where the UTG is installed. • Status – The status of the device. The following may be displayed:

o Offline o Active o Idle

• Device Firmware – The device firmware version last reported to Command Center. • Device Keys – The security keys for the device. • Device Serial – The device serial number. • Device Type – The device type, such as an iPP320 device.

Viewing or Scheduling a Task for the Selected UTG In the Schedule Tasks section, you can view pending and previously scheduled tasks as well as schedule a new task for the selected UTG. The following information is displayed:

• Type – The type of task. Possible options include the following:

o Restart UTG(s) as a Service o Stop UTG(s) o Start UTG(s) as service o Start UTG(s) as standalone o Revert UTG(s) to last successfully applied configuration o Update Shift4 Command Center with UTG’s local configuration o Update UTG(s) to latest configuration o Retrieve latest component information o Change Agent Version o Reset UTG Slot

• Version – The software version of the UTG. • Date – The date and time the task displayed will be or was performed. • State – The current state of the task. Possible states include the following:

o Scheduled – The task has been requested at the scheduled date and time. This actually means requested.

o Running – The task has been scheduled and will be completed as soon as possible. It will remain in this state until completed or failed. If the task remains running for a long period of time, check your connection between Shift4 Command Center, the agent, and the UTG.

o Completed – The task was completed successfully. o Failed – The task could not be completed.



Tip: Click above the Search field to update the information to the latest status.

Scheduling tasks allows you to perform functions like stopping or starting a UTG immediately (or at a later date and time), as well as upload UTG configuration settings to Shift4 Command Center or push new configuration settings to a UTG.

To schedule a task, complete the following steps:

Tip: The steps outlined in the Scheduling a Task section can also be used, especially if you need to schedule the same task for multiple UTGs.

Note: Depending on your Shift4 Command Center role and permissions, you may not have access to all of the features described.

1. Click in the Schedule Tasks section.

2. From the Schedule for list, pick one of the following:

• UTG • Agent

3. If you selected UTG, complete the following steps:

• From the Task list, select one of the following categories:

o Start/Stop

Start UTG – Starts the UTG as a service. Stop UTG – Stops the UTG whether running as a service or in Stand Alone. Restart UTG – Stops and then restarts the UTG

o Configuration Changes

Update UTG – Stops the UTG, updates the UTG to the current Command Center configuration, and then restarts the UTG as a service.

Rollback UTG – Stops the UTG, roll the configuration back to the previously installed configuration, and then restarts the UTG.

Update Command Center – Updates the Command Center to the UTG’s current configuration. You will only see this option if the UTG is not part of a profile.

o Change UTG Version



Allows the user to change the UTG to a different version or choose the General Availability (GA) Release, which is the latest release available to everyone with all the newest features.

o Miscellaneous

Reset UTG Slot – The slot is what ties the UTG to the machine. If the UTG is moved to another machine, or if the IP address changes, the slot must be reactivated.

• From the selected task category, select the desired task.

4. If you selected Agent, complete the following steps:

• From the Task list, select the following option:

o Change Agent Version

Allows the user to change the Agent to a different version or choose the General Availability (GA) Release, which is the latest release available to everyone with all the newest features.

o Select the desired task.

5. (If applicable) To run the task immediately, select Run Immediately and click Apply.

6. (If applicable) To schedule the task for a later time, complete the following steps:


• From the Time Zone list, select the desired time zone. • Click Apply.

Configuring API Interfaces API interfaces create connections from the UTG to the Interface Vendor System so that transactions can flow back and forth. To view the currently configured API interfaces (if any) or to add an API interface, navigate to the appropriate section below.

Note: If you will be using EMV devices, any Offline settings configured in the UTG will be ignored when processing an electronic chip transaction. This is because EMV has its own process for handling transactions in offline scenarios. The terminal and card both have settings to determine whether or not to approve a transaction in this scenario. The UTG must honor the card’s decision to approve/decline rather than use the settings in the UTG.

Adding or Editing a TCP/IP Interface The TCP/IP interface uses TCP socket communication to connect to the UTG. It optionally provides encryption through the use of a shared secret passphrase. To add a TCP/IP interface, complete the following steps:






3. From the top menu, select Services.

4. In the Services section, click the Component Nickname of the service in which you would like to add or edit the interface.

5. Select API Interfaces.

6. Complete one of the following steps:

• Click an existing TCP/IP interface to edit the configuration settings. • Click to add the interface.

o From the Type list, select TCP/IP.

7. In the TCP Host Shift4 section, complete the following steps:

• In the Description field, enter a name that identifies this interface. • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 17476. • (If applicable) In the Encryption Passphrase field, enter a passphrase for the interface. • (If applicable) In the Verify Encryption Passphrase field, reenter the passphrase.

8. (If applicable) In the Clients section, complete the following steps to add a client:

• Click to add a client. • In the Remote IP Address field, enter the IP address. • From the Interface Type list, select the desired option:

o Unrestricted o 4Go o Secure POS Only o 4Go and Secure POS

Note: The Clients option is only used with 4Go®. If you are using 4Go, see the 4Go Technical Installation Guide for more information.

9. (If applicable) In the BIN Management & Stand-In section, complete the following steps:

• (If applicable) Select Bin Management and enter an amount in the Floor Limit field to enable the feature. When Bin Management is selected, the tool will automatically determine the card type and process the transaction as debit if the amount is above the defined Floor Limit, or the PIN pad will prompt the consumer to select credit or debit if the dollar amount is at or below the Floor Limit.

• (If applicable) Select Stand-in and enter an amount in the Floor Limit field to enable the feature. The amount will be the highest amount of an offline transaction allowed without returning a referral. (This setting provides additional functionality and security when the UTG cannot connect to the Shift4 Payments data center. See the Configuring Offline Mode section for more information.)

10. In the Receipt Options section, select the desired setting if you would like it enabled:



• Select Print blank tip line on authorizations to print a tip line on the receipt when an authorization is performed.

• Select Print blank tip line on sales to print a tip line on the receipt when a sale is performed.

Note: If either Print Blank Tip Line on Authorizations or Print Blank Tip Line on Sales is selected, the following should be noted:

• If the POS sends the tip amount, the tip line will not print on the receipt.

• If the user enters a tip amount on the PIN pad, the tip line will not print on the receipt.

11. Click Add.

Adding or Editing a TCP/IP SSL Interface To add a TCP/IP SSL interface, complete the following steps:







• Click an existing TCP/IP SSL interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select TCP/IP SSL.

7. In the TCP Host SSL Shift4 section, enter the information into the appropriate field:

• In the Description field, enter a name that identifies this interface • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 21845.



o Unrestricted o 4Go o Secure POS Only




o 4Go and Secure POS

Note: The Clients option is only used with 4Go. If you are using 4Go, see the 4Go Technical Installation Guide for more information.

9. In the SSL/TLS Minimum Version section, use the slider to select the highest level. In accordance with the warning below, if you have temporary incompatibility issues with your POS/PMS, you may select another SSL/TLS minimum version. The level you choose and all levels listed above that setting will be supported.

• SSL 3.0 and higher • TLS 1.0 and higher • TLS 1.1 and higher • TLS 1.2 and higher

Warning! When the term SSL is used throughout this document, it should be interpreted as the newest version of TLS. In accordance with the PCI Data Security Standard, all versions of SSL and TLSv1.0 are no longer considered “strong encryption” and should never be used for non-console access to card data environments through public networks or to transport card data over public networks. Shift4 Payments offers the option to use SSL and TLSv1.0 due to system incompatibility issues with legacy PMS/POS systems, but it should only be considered a temporary fix. If SSL or TLSv1.0 must be used, it should only be used inside protected, non-public networks. For more information see https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf

10. In the Certificate Information section, complete the following steps:

• (If applicable) To allow the UTG to generate a certificate at each start up, select Use UTG Generated Certificate.

• (If applicable) If you want to provide a certificate for use with the UTG, complete the following steps:

o Clear the Use UTG Generated Certificate field. o In the Certificate File field, enter the certificate path for the desired certificate file. o In the Certificate Password field, enter the certificate password. o (If applicable) In the Private Key File field, enter the path for the private key file if required. o (If applicable) In the Private Key Password field, enter the private key password if you configured the

Private Key File field.

• (If applicable) If your POS/PMS needs a consistent certificate each time it connects to the UTG, even after a UTG reboot, you can use the Generate Certificate option to generate a persistent certificate. This might be a good option for browser-based POS/PMS systems. To generate a self-signed certificate authority (CA) that can be used to generate multiple certificates, see Appendix B: Using the Certificate Generator.





11. In the BIN Management & Stand-In section, complete the following steps:









13. Click Add.

Adding or Editing a UTG4Cloud Interface To add a UTG4Cloud interface, complete the following steps:







• Click an existing UTG4Cloud interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select UTG4Cloud.

7. In the UTG4Cloud Shift4 section, enter the information into the appropriate field:

• In the Description field, enter a name that identifies this interface




• In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 13107. • From the Transport Format list, select HTTP. (TCP is for future use).



o Unrestricted o Secure POS only


9. Click Add.

Adding or Editing a UTG4Cloud SSL Interface To add a UTG4Cloud SSL interface, complete the following steps:







• Click an existing UTG4Cloud SSL interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select UTG4Cloud SSL.

7. In the UTG4Cloud SSL Shift4 section, enter the information into the appropriate field:

• In the Description field, enter a name that identifies this interface. • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 13107. • From the Transport Format list, select HTTP. (TCP is for future use).


• Click to add a client. • In the Remote IP Address field, enter the IP address.




• From the Interface Type list, select the desired option:









o Clear the Use UTG Generated Certificate field. o In the Certificate File field, enter the certificate path for the desired certificate file. o In the Certificate Password field, enter the certificate password. o (If applicable) In the Private Key File field, enter the path for the private key file if required. o (If applicable) In the Private Key Password field, enter the private key password if you configured the







• Click Add.

Adding or Editing a HTTP Interface The HTTP interface, encrypted by the UTG, allows web applications to send traffic to Shift4 Payments with much greater security and reliability than using HTTPS posting directly over the Internet. To add or edit a HTTP interface, complete the following steps:







• Click an existing HTTP interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select HTTP.

7. In the HTTP Shift4 section, enter the information into the appropriate field:

• In the Description field, enter a name that identifies this interface • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 16448.

















11. Click Add.

Adding or Editing a HTTP SSL Interface To add or edit a HTTP SSL interface, complete the following steps:







• Click an existing HTTP SSL interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select HTTP SSL.

7. In the HTTP SSL Shift4 section, enter the information into the appropriate field:

• In the Description field, enter a name that identifies this interface • In the Host Address field, enter the IP address the interface will listen to for connections.




• In the Port field, enter the port number defined by the Interface Vendor System. The default is 16448.











o Clear the Use UTG Generated Certificate field. o In the Certificate File field, enter the certificate path for the desired certificate file.





o In the Certificate Password field, enter the certificate password. o (If applicable) In the Private Key File field, enter the path for the private key file if required. o (If applicable) In the Private Key Password field, enter the private key password if you configured the












13. Click Add.

Adding or Editing a REST Interface The REST interface provides a simple integration using standard REST calls. The REST interface currently supports TLS 1.2 only. The REST API is only available for UTG version 3001 and above. See the requirement below.

To add a REST interface complete the following steps:










• Click an existing REST interface to edit the configuration settings. • Click to add an interface.

7. From the Type list, select REST.

8. In the REST Shift4 section, complete the following steps:

• In the Description field, enter a name that identifies this interface. • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter the port number defined by the Interface Vendor System. The default is 17476.

9. (Optional) The Clients section options are only used with 4Go. If you are using 4Go, see the 4Go Technical Installation Guide for more information.

Requirement: You must enter a valid path to the certificate file on the machine running the UTG. Failure to do this will cause the UTG to be inoperable. (If an invalid path is entered, the interface must be deleted on the UTG machine using TuneUp, and the interface will need to be added again with a valid path.)

10. In the Certificate Information section complete the following steps:

• In the Certificate File field, enter the file path to where the certificate is saved. • In the Certificate Password field, enter password for the certificate. • In the Private Key File field, enter the file path to where the Private Key is saved. • In the Private Key Password field, enter the password for the Private Key. • (If applicable) If your POS/PMS needs a consistent certificate each time it connects to the UTG, even after

a UTG reboot, you can use the Generate Certificate option to generate a persistent certificate. This might be a good option for browser-based POS/PMS systems. To generate a self-signed certificate authority (CA) that can be used to generate multiple certificates, see Appendix B: Using the Certificate Generator.

11. (Optional) To enable Bank ID Number (BIN) management, select Bin Management. In general, merchants prefer to process transactions as debit when the transactions are above a certain amount and as credit when transactions are below that amount. When BIN Management is selected, the BIN Management tool will automatically determine the card type and process the transaction as debit if the amount is above the user defined Floor Limit, or the PIN pad will prompt the consumer to select credit or debit if the dollar amount is at or below that Floor Limit.

• The Bin Management Floor Limit specified is the lowest amount for which the Bin Management function is enabled.

• To enable Stand-in, select Stand-in. See the Configuring Offline Mode section for more information on Stand-in. The Stand-in Floor Limit specified is the highest amount of an offline transaction without returning a referral. (The default setting is 0.00.)



o Above the Floor Limit, the UTG will return a referral and a Token. o At or below the Floor Limit, the UTG will return an approval and a Token.

Note: The authorization code received in offline mode is temporary and will be replaced with a permanent authorization code when the UTG is able to connect to the Shift4 data center if the transaction is approved by the processor.

12. Click Add.

Adding or Editing a Simphony API Interface This interface is for Oracle/MICROS Simphony users and requires the merchant ID, the API serial number, and the API password. To add or edit a Simphony API interface, complete the following steps:







• Click an existing Simphony API interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select Simphony API.

7. In the Simphony Shift4 section, enter or select the appropriate information:

• In the Description field, enter a name that identifies this interface. • In the Host Address field, enter the IP address the interface will listen to for connections. • In the Port field, enter or select the port number defined by the Interface Vendor System. The default is

5008.








9. In the BIN Management & Stand-In section, complete the following steps:

• (If applicable) Select High Capacity. For the high capacity batch process, the UTG immediately returns a success response to Simphony before attempting to upload the transaction to Lighthouse Transaction Manager; this increases throughput, but also increases the merchant's risk. Simphony will have a success response when the transaction may have failed to upload; however, the merchant can correct this manually if it occurs. To mitigate risk, the UTG will have up to 20 outstanding transactions at a time during this process. If there are more than 20 outstanding transactions, the UTG will wait for a response from Lighthouse Transaction Manager for the next request. This ensures the UTG or Lighthouse Transaction Manager will not become overloaded.



10. In the Merchant API SN/PWD Map section, complete the following steps:

• Click to add an API SN/PWD map. • Enter the information into the appropriate fields:

o In the Merchant ID field, enter the merchant ID. o In the API SN field, enter the API Serial Number. o In the API PWD field, enter the API Password.

11. Click Add.

Adding or Editing a Serial API - ASCII Interface To add or edit a Serial API - ASCII interface, complete the following steps:










• Click an existing Serial API - ASCII interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select Serial API - ASCII.

7. In the Ascii Shift4 section, enter or select the appropriate information:

• In the Description field, enter a name that identifies this interface. • From the Port list, select the desired COM port. • Leave the Phone field blank. • In the Baud Rate field, enter the baud rate. The default is 9600. • In the Ticks field, enter 36 unless otherwise specified by Shift4 Payments. • From the Interface Type list, select the desired option:


• (If applicable) Select Flow Control. Most modems require flow control to be enabled. The cable must have the proper pins connected.




9. Click Add.

Adding or Editing a Serial API - Binary Interface To add or edit a Serial API - Binary interface, complete the following steps:







• Click an existing Serial API - Binary interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select Serial API - Binary.

7. In the Binary Shift4 section, enter or select the appropriate information:




• In the Description field, enter a name that identifies this interface. • From the Port list, select the desired COM port. • Leave the Phone field blank. • In the Baud Rate field, enter the baud rate. • In the Ticks field, enter 36 unless otherwise specified by Shift4 Payments. • From the Interface Type list, select the desired option:

o Unrestricted o Secure POS Only

• (If applicable) Select Flow Control. Most modems require flow control to be enabled. The cable must have the proper pins connected.

8. (If applicable) In the BIN Management & Stand-In section, complete the following steps;



9. Click Add.

Adding or Editing an Oracle Payment Interface To add or edit an Oracle Payment interface, complete the following steps:







• Click an existing Oracle Payment interface to edit the configuration settings. • Click to add an interface.

o From the Type list, select Oracle Payment.

7. In the Oracle Payment Shift4 section, enter the information into the appropriate field:


8. In the Clients section, complete the following steps to add a client:








• (If applicable) To allow the UTG to generate a certificate at each start up, select UTG Generated from Certificate Mode list.

• (If applicable) If you want to provide a certificate for use with the UTG, select Path Provided from Certificate Mode list and complete the following steps:

o In the Certificate File field, enter the certificate path for the desired certificate file. o In the Certificate Password field, enter the certificate password.

Note: The Site ID Mapping section is for viewing only and cannot be configured or modified in Shift4 Command Center. It will display the site ID configured in the UTG Stand Alone if a task has been successfully run to update Shift4 Command Center with the UTG’s local configuration.





• Select the maximum number of characters for the column width of the receipt. • Select Print blank tip line on authorizations to print a tip line on the receipt when an authorization is

performed. • Select Print blank tip line on sales to print a tip line on the receipt when a sale is performed. • (Optional) If you don’t want a receipt to be printed when performing a sales completion, select Suppress

Sales Completion Receipts.






12. Click Add.

Note: See the Adding an Oracle Payment Interface (OPI) section of the UTG Installation and Configuration Guide in MyPortal or Lighthouse Transaction Manager Help for additional steps that must be completed using the UTG Stand Alone at the site where the UTG is installed.

Adding or Editing an Opera Payment Interface To add or edit an Opera interface, complete the following steps:







• Click an existing Opera interface to edit the configuration settings. • Click to add a new interface.

o From the Type list, select Opera.

7. In the Opera API Shift4 section, enter the information into the appropriate field:


8. In the Clients section, complete the following steps to add a client:







9. In the SSL/TLS Minimum Version section, use the slider to select the highest level possible for your system.

• For Oracle database 11.2.0.4 or lower, select TLS 1.0. • For Oracle database 11.2.0.4.170531 (OPERA 5.5 or higher), select TLS 1.2.

The level you choose and all levels listed above that setting will be supported.



• (If applicable) To generate a SHA1 certificate, select Use SHA1 Certificate. Older OPERA versions require the use of SHA1 certificates. This is because the Oracle Database that is used by these systems does not support SHA2. If you have Oracle Database 11.2.0.4 or higher, you can generate the newer SHA-256 certificate, by clearing this field.

• Enter the Chain Code. (This is found in the OPERA system under Configuration > Property Interfaces > General Parameters.)

• Enter the Property Code. (This is found in the OPERA system under Configuration > Property Interfaces > General Parameters.)

Important: Once you have completed this page and added the Opera interface, you can open the interface and upload or generate a certificate authority (CA).









• Select the maximum number of characters for the column width of the receipt. • Select Print blank tip line on authorizations to print a tip line on the receipt when an authorization is

performed. • Select Print blank tip line on sales to print a tip line on the receipt when a sale is performed. • (Optional) If you don’t want a receipt to be printed when performing a sales completion, select Suppress

Sales Completion Receipts.




13. Click Add to create the interface. This will take you back to the API Interfaces.

14. From the list, click the new Opera interface you just created.

15. In the Certificate Information section, to provide a certificate for the new Opera interface, complete one of the following:

• To generate a new persistent certificate, click Generate New Certificate.

o The certificate password will be displayed. Write down the password and provide it to the installer. This password will need to be entered in Opera. The password will only appear once. It is the responsibility of the site to record and manage that password.

o Save the ewallet.p12 file in the UTG folder. You will need to manually import the .p12 file into your Opera installation.

o Once you have written down the password, select I have written down the password and saved the files.

o Click Done.



o Schedule a task to push the certificate to the UTG. o Click Apply.

• To upload an existing certificate, click Upload Certificate.

o Click Browse and locate your certificate. o Click Open. o In the Password field, enter a password for the certificate. o Click Upload. o Click Apply.

Configuring Devices If you already have configured devices on your local UTG before connecting to Shift4 Command Center, the supported devices and their configuration settings will automatically be imported into Shift4 Command Center. Shift4 Command Center allows you to edit your device configurations or add additional devices as needed.

Requirement: For EMV devices, configuration must be completed in Lighthouse Transaction Manager by the Account Administrator or a user with the EMV devices access permission enabled for their user type. If EMV devices have not been set up for your Lighthouse Transaction Manager account, contact the Shift4 Payments Customer Support team at 702.597.2480, option 2. If EMV devices have already been set up for your Lighthouse Transaction Manager account, continue configuring your devices in Shift4 Command Center, and then contact the Account Administrator for completion. See the Appendix D – Configuring Devices section in the Account Administrator Guide located in the help section of Lighthouse Transaction Manager for configuration information.



To edit the configuration of a device or to add a new PIN pad device using Shift4 Command Center, complete the following steps:



3. From the top menu, click Services.

4. In the Services section, click the Component Nickname of the service in which you would like to configure or add a device.

5. Select Devices.


• To edit an existing device, click anywhere in the device’s row. • Click to add a device.

o From the Type list, select the device type you want to add.

Important: Depending on the device selected, some features may not be available for configuration.

7. In the [device type] section, complete the following steps:

• Enter the Device Name. This must be a unique name that will identify this device.

WARNING! Do not enter a device name that has already been used. This will result in overwriting the previous device settings and only one device will be configured.

• In the API Terminal ID field, enter a terminal ID specific to the payment device. See the note below for more information.

Important: The API Terminal ID is a value consisting of 1-32 alphanumeric characters. It is specific to each PIN pad, and it is specified by the merchant or POS/PMS provider. Shift4 Payments suggests a naming convention that keeps the API Terminal ID unique across the merchant’s entire enterprise. (For example, 70211 where 702 is the store number and 11 is the lane number where the PIN pad is stationed for use.) The API Terminal ID must be set in the POS/PMS, UTG, and Lighthouse Transaction Manager. The value must match so that those systems can




identify the PIN pad being used during the transaction.

• (If applicable) Enter the Source Serial Number. This option is used if the device is going to be processing transactions under a different serial number than the one configured for the UTG on the Express tab.

o For example, if a merchant has a single UTG configured under SN 1, a device configured under SN 2 and another device configured under SN 3, the terminal download process would work for both of the devices even though they are under different serial numbers from the UTG.

• (If applicable) Enter a Line Length. This is the length of the text line on the device before wrapping the text.

• (If applicable) Enter a Beep Volume. This is the volume level the device will beep for actions, such as pressing a button or EMV card removal prompt. Enter any number between 0 and 100 considering the following:

o Entering 0 = volume off o Entering 100 = full volume

• (If applicable) Enter a Debit Key Index number. Ingenico Telium RBA devices have the ability to be injected with up to five keys. This allows the same device to be used for multiple processors. Debit Key Index 0, 1, 2, 3, and 5 are available. Debit Key Index 4 is reserved for P2PE keys. If you are using an Ingenico Telium RBA device and know the desired Debit Key Index, enter the number. The default is 0.

• (If applicable) Enter an Amex Key Index number to support using a different key slot for the Online PIN key when processing an Amex EMV card.

• (If applicable) Select the default language to be displayed on the device. The current options include:

o English o Spanish o French

• (If applicable) If you are using Dynamic Currency Conversion (DCC), in the DCC Timeout field, enter the amount of time in seconds before a request for a currency conversion rate times out. The default is 3 seconds.

• (If applicable) Contactless Enabled is selected by default for all RBA devices. To disable Contactless, clear the option. Contactless payment systems use radio-frequency identification (RFID) or near field communication (NFC) for making secure payments.

• (If applicable) Select Bypass Amount Ok to bypass the amount confirmation screen on the device. • (If applicable) Enter the desired Reboot Time. The Reboot Time option is provided to satisfy a PCI

requirement for devices that are PCI version 4 and above. To satisfy the PCI requirement, the devices must be rebooted every 24 hours. The Reboot Time option allows you to set a convenient time when the device will automatically be rebooted.

o The Reboot Time setting will be read and set in the device and take effect ONLY after the device has rebooted once after it starts up. The device may or may not automatically reboot after it starts up. For example, if the reboot time currently set in the device is different than the setting in UTG Tune-up and UTG restarts, the UTG will force the device to reboot once after it starts up. If the device does not reboot after it starts up, you can choose to manually reboot the device or it will reboot automatically based on the reboot time currently set in the device if the reboot flag is enabled in the device.



o The Reboot Time settings will be ignored for RBA PCI version 4 devices with application version below v21.5.6. The full model name for these devices cannot be read by the UTG. Without the full model name, the UTG cannot determine whether the device is PCI version 4 or above. Therefore, the device will automatically reboot every 24 hours based on the reboot time currently set in the device if the reboot flag is enabled in the device.

8. In the Connection section, click the caret and select or enter the following information:

• Device Mode – The options include the following:

o RS-232 o UTG Stub o Direct TCP/IP

Note: For more information about the Device Modes, see the UTG Installation and Configuration Guide for UTG.

• From the Port list, select the COM port to which the device is connected. Plug the device into your machine and use Windows device manager to view the COM port Windows assigns to the device, and then select that COM port. You will be prompted to enter the COM port for each device that has been configured for the profile.

o If you are only configuring one USB connected device for this UTG, you can select Auto from the Port list. If Auto is selected, the UTG will automatically search for the COM port assigned to the device. This makes finding and selecting the Windows assigned COM port unnecessary. The auto setting cannot be used for multiple devices on the same UTG or for serial connected devices. If you decide later to add more devices to the UTG, you will need to edit the original device configuration and select the actual COM port to which it is connected.

Important: If you are using Ingenico devices with Windows 7, the Ingenico device driver must be version 3.14 or later in order to use the Auto setting.

Note: If your device is shipped with a USB connection, you will need to virtualize the COM port using the driver supplied by the manufacturer.

• From the Baud Rate list, select the connection speed as indicated by the device manufacturer. (See the Using External Devices guide for more information.)

• In the Timeout in Seconds field, enter a time in seconds. This is the amount of time in seconds (per screen) that the UTG will wait before returning a No input from customer error. The recommended time



for most devices is 30 seconds. The set time is doubled for swipe/manual entry screens to allow time for manual data entry.

9. (If applicable) In the Manual Card Entry section, if Manual Card Entry is enabled and available for the selected device, click the caret and complete the following steps:

• Select Manual Card Entry Enabled. • In CVV Prompt, select the desired setting. • In Street Prompt, select the desired setting. • In Zip Prompt, select the desired setting. • To configure the Minimum Digits and Maximum Digits that can be entered on a payment device,

complete the following steps:

o In the Minimum Digits field, enter the minimum number of digits that can be entered on the payment device.

o In the Maximum Digits field, enter the maximum number of digits that can be entered on the device.

For example, if you want to restrict the number of digits entered to 16 digits, enter 16 in the Minimum Digits field and then enter 16 in the Maximum Digits field.

Note: When performing manual card entry, the Maximum Digits that can be entered on a Verifone MX915 P2PE device cannot exceed 19 digits.

• (If applicable) Add Bin Range Overrides by completing the following steps:

o Click to add a Bin Range Override and complete the following steps: o Enter the beginning six-digit BIN in the Upper Range field. o Enter the ending six-digit BIN in the Ending Range field. o In the Min Length field, enter the minimum PAN length. o In the Max Length field, enter the maximum PAN length.

Note: If your card ranges are always 16 digits, enter 16 for the Min Length and 16 for the Max Length.

o Select all of the parameters that will be bypassed from the following list:

Bypass CVV (Card security code) Bypass Exp Date (Card expiration date) Bypass Luhn (Luhn mod 10 check) Bypass Street Bypass Zip



Important: If your card range will not pass the Luhn mod 10 check, be sure to select Bypass Luhn.

o (If applicable) Add additional Bin Range Overrides. (Up to nine may be configured.)

Note: See the Using EMV External Devices guide for more information and examples of BIN Range Overrides.

10. (If applicable) In the Private Label section, click the caret and select or enter the following information:

• Prescreen Application – The Prescreen Application uses the applicant’s postal code to determine the likelihood of the applicant being approved for a private label card based on the average credit rating in the postal code entered.

o Select all desired fields.

• Prescreen Acceptance – The Prescreen Acceptance indicates a Prescreen Application approval and requests additional information from the applicant to complete a private label application approval.


• Quick Credit Application – The Quick Credit Application is an abbreviated individual credit application requiring less applicant information than the full credit application. To be eligible to apply using the Quick Credit Application process, the applicant must have a major bank card (Visa, Mastercard, American Express or Discover).


• Instant Credit Application – The Instant Credit Application is a private label card application based solely on the supplied information, and forgoes any Prescreen Application.


• Pre-approved Application – The Pre-approved Application process starts with an applicant receiving a pre-approved offer in the mail. This offer contains a twelve digit certificate number which associates the applicant with a pre-approved offer of credit. The Pre-approved Application requires fewer input data items than the full application.


• Account Lookup – Account Lookup allows the merchant to obtain cardholder account information from the cardholder’s Social Security Number (SSN) or SSN and Zip Code or SSN and Date of Birth. Inquiries are used when the cardholder does not have their card available at the time of purchase.




Option Definition Table

Private Label Prompt Options Definition

SSN (Social Security Number) If selected, the applicant will be prompted to enter their social security number.

SSN Last 4 If selected, the applicant will be prompted to enter the last four digits of their social security number.

Date of Birth If selected, the applicant will be prompted to enter their date of birth.

Zip Code If selected, the applicant will be prompted to enter their zip code.

Income If selected, the applicant will be prompted to enter their annual income.

Signature If selected, the applicant will be prompted to sign the PIN pad device.

Promo Text If selected, the percent entered for each time period will be displayed to the applicant on the device and printed on the receipt.

Note: The percent entered is used to calculate the required, fixed monthly payment for the corresponding promotional period during a private label card promotion.

Note: See the Configuring Private Label Prompts section of the Using EMV External Devices guide for more information.

11. (If applicable) In the Cashback section, click the caret and complete the following steps:

• Select Cashback Enabled to enable cashback prompting on the device.

Requirement: Cashback must be supported on your POS/PMS for the settings to work.

• (If applicable) Enter the amounts that will be displayed on the device as cashback options:

o (If applicable) Enter the First Amount. The default is 20.00. o (If applicable) Enter the Second Amount. The default is 40.00. o (If applicable) Enter the Third Amount. The default is 60.00.



o (If applicable) Enter the Fourth Amount. The default is 80.00. o (If applicable) Enter the Maximum Amount. The default is 200.00.

Note: If Cashback is enabled, the five amounts configured above will be displayed. If you don’t want to display all of the buttons, refer to the Using EMV External Device guide for help.

12. (If applicable) In the EBT section, click the caret and complete the following steps:

• (If applicable) Select EBT Cash Enabled to enable the device to prompt for EBT Cash in an EBT transaction. • (If applicable) Select EBT Food Enabled to enable the device to prompt for EBT Food in an EBT transaction.

13. (If applicable) In the Tip section, click the caret and complete the following steps:

• Select Disabled if you do not want to prompt the consumer for a tip. • Select No Presets to disable the preset percentages or amounts and prompt the consumer to enter a tip

amount. • Select Percent and enter up to 4 tip percentages that will be displayed on the PIN pad when prompting

for tip.

o In the First Percent field, enter a percent tip option, such as 10. o In the Second Percent field, enter a percent tip option, such as 15. o In the Third Percent field, enter a percent tip option, such as 20. o In the Fourth Percent field, enter a percent tip option, such as 25.

Note: Percent fields are displayed on the device from left to right. Entering a 0 in any of the fields will cause that field to not be displayed on the PIN pad. For example, if you only want to display 3 tip options (10%, 15%, and 20%), you could enter 0 in the First Percent field, 10 in the Second Percent field, 15 in the Third Percent field, and 20 in the Fourth Percent field. Only the first three fields would be displayed on the PIN pad.

• Select Amount to enter up to 4 set amounts that will be displayed when prompting for tip.

o In the First Amount field, enter the desired set amount. o In the Second Amount field, enter the desired set amount. o In the Third Amount field, enter the desired set amount. o In the Fourth Amount field, enter the desired set amount.



Note: Amount fields are displayed on the device from left to right. Entering a 0 in any of the fields will cause that field to not be displayed on the PIN pad. For example, if you only want to display 3 tip amount options (1, 5, and 10), you could enter 0 in the First Amount field, 1 in the Second Amount field, 5 in the Third Amount field, and 10 in the Fourth Amount field. Only the last three fields would be displayed on the PIN pad.

14. When you have completed configuring all applicable sections for the device, click Add or Apply to save.



Cloning a Device Once you have created a device with all the desired settings, it can be cloned. A cloned device has all the same settings, and you only have a few unique fields for which you will need to supply information. This can save time and assure consistent settings if you are using the same devices at multiple locations.

For example, suppose your organization has five locations that each have a UTG and all of the locations use the same devices. Let’s say each of the five locations use a different number of devices. You could create a Profile (see the Creating a Profile section for more details) with one device and use that profile for all five locations. Then, you could clone the device at each location as needed.

To clone a device in Shift4 Command Center, complete the following steps:



3. From the top menu, click Services.

4. Click the Component Nickname that has the device you want to clone.

5. Click the Devices tab.

6. Click in the row of the device you want to clone.

7. In the Create a Clone window, enter the following information:

• Device Name – Enter a name that is unique to each device. Do not use a name more than once. • API Terminal ID – In the API Terminal ID field, enter a terminal ID specific to the payment device. The

Terminal ID is available in Lighthouse Transaction Manager under Settings > EMV Device, if your device has been set up. See the note below for more information.

Important: The API Terminal ID is a value consisting of 1-32 alphanumeric characters. It is specific to each PIN pad, and it is specified by the merchant or POS/PMS provider. Shift4 Payments suggests a naming convention that keeps the API Terminal ID unique across the merchant’s entire enterprise. (For example, 70211 where 702 is the store number and 11 is the lane number where the PIN pad is stationed for use.) The API Terminal ID must be set in the POS/PMS, UTG, and Lighthouse Transaction Manager. The value must match so that those systems can identify the PIN pad being used during the transaction.

• Source Serial Number – Enter the Lighthouse Transaction Manager merchant ID or MID. • Device Mode – Select a Device Mode.

o If you select RS-232, complete the following:

Select a unique COM port for the device. You cannot have two devices on the same COM port.

Select the Baud Rate for the device. This can be the same for all devices. Enter a Timeout in Seconds for the device. This can be the same for all devices.




o If you select UTG Stub, complete the following:

Enter the IP Address for the device. The IP combination of the IP Address and Port must be unique for each device, but an IP Address or Port may be repeated as long as the combination if unique.

Enter a Port for the device. The IP combination of the IP Address and Port must be unique for each device, but an IP Address or Port may be repeated as long as the combination if unique.

Enter a Timeout in Seconds for the device. This can be the same for all devices.

o If you select Direct TCP/IP, complete the following:

Enter the IP Address for the device. The IP combination of the IP Address and Port must be unique for each device, but an IP Address or Port may be repeated as long as the combination is unique.

Enter a Port for the device. The IP combination of the IP Address and Port must be unique for each device, but an IP Address or Port may be repeated as long as the combination is unique.

Enter a Timeout in Seconds for the device. This can be the same for all devices.

• When you have entered the required information, click Clone.

Configuring 4Go 4Go is a persistent application that intercepts cardholder data. It secures both swiped and manually entered cardholder data by replacing it with either a temporary, false card number or a TrueToken®. The actual cardholder data is only stored by Shift4 Payments. No actual cardholder data ever exists in the POS/PMS application’s logs, databases, or transport mechanisms.

While monitoring the swipe data, 4Go also helps prevent tampering of the keyboard or swipe device by ensuring that no other application is able to intercept the swipe device’s data stream. 4Go can be used with most standard swipe devices.

To configure 4Go, complete the following steps:




4. In the Services section, select the Component Nickname of the service in which you would like to configure 4Go.

5. Select 4Go.

6. Select Enable 4Go.

7. (If applicable) In the Broadcast Addresses section, complete the following steps:

• Click to add a broadcast address. • Enter the server’s IP address or the terminal’s IP address.




Note: Broadcast addresses are detected by the UTG when installed on a machine. If you are not sure of the broadcast addresses, it is best to upload the configuration settings from the UTG on the machine to Shift4 Command Center first before making changes in Shift4 Command Center. See the Connecting an Existing UTG to Shift4 Command Center section for additional information.

8. In the Faux Generation Method area, select the desired method:

• Sequential - Valid Luhn Mod 10 • Sequential - Invalid Luhn Mod 10 • Combination - Valid Luhn Mod 10 • Combination - Invalid Luhn Mod 10

9. In the Normal Retention Time field, enter the retention time.

10. In the Offline Retention Time field, enter the offline retention time.

11. In the Update Server section, complete the following steps:

• In the Host Address field, enter the applicable host address. • In the Port field, unless it is in use by another interface, enter the default: 17504.

12. Click Apply.

Tip: For complete instructions on installing and configuring 4Go, see the 4Go Technical Installation Guide in Lighthouse Transaction Manager Help or MyPortal Documentation Corner.

Configuring Express Parameters The Express parameters control and define the connections used by the UTG to communicate with the Shift4 Payments data centers.

To configure the Express parameters, complete the following steps:




4. In the Services section, select the Component Nickname of the service in which you would like to configure the parameters.

5. Select Express.




Requirement: The Identity section must be set manually on a UTG, regardless if a UTG configuration is assigned to it.

6. In the Identity section, enter the information into the appropriate field:

• The Serial field cannot be edited using Shift4 Command Center and must be populated when installing the UTG at the local site.

• The Slot field cannot be edited using Shift4 Command Center and must be populated when installing the UTG at the local site.

• In the Host Address field, enter the local IP address of the computer running the UTG.

WARNING! Because of the extensive security requirements of Shift4 Payments, any change to the IP address will affect the UTG and prevent successful operation. Contact the Shift4 Payments Customer Support team to allow activation if the IP address needs to be changed after any transactions have been processed.

• In the Location field, enter the ZIP/postal code where the UTG is installed. • GUID – This is the unique ID for this specific UTG. • In the API Serial Number field, enter the API serial number provided by Shift4 Payments. • In the API Password field, enter the API password provided by Shift4 Payments. • In the Verify API Password field, reenter the API password.

7. In the Gateway section, enter or verify the information in the appropriate fields:

• Address – The IP address the interface will listen to for connections. • Port – The port number defined by the Interface Vendor system. The default is 17476 ($4444 for hex). • Route Code – Use “A” for the route code unless instructed otherwise by Shift4 Payments to do so. • Max Score – This scores the quickest and most reliable routes to the Shift4 Payments data centers. The

default should be 10.

8. Click Apply.

Configuring Mail Server To configure email notifications, complete the following steps:




4. In the Services section, select the Component Nickname of the service in which you would like to configure email notifications.




5. Select Mail Server.

6. In the Mail Server Name field, enter the SMTP server name the UTG will use to send email notifications.

7. In the Source Domain field, enter the email notification’s origination domain address.

8. In the Port field, enter the port the UTG will use to send email notifications.

9. In the Alert Recipient area, click to add an alert recipient who will receive email alerts generated by the UTG. And then, in the Email field, enter the email address to which alert email notifications should be sent.

10. (If applicable) Repeat step 9 until all alert email addresses have been entered.

11. In the Status Recipients section, click to add a status recipient. And then, in the Email field, enter the email address to which status email notifications should be sent.

12. (If applicable) Repeat step 11 until all status email addresses have been entered.

13. Click Apply.

Configuring Advanced Settings To configure Advanced parameters, complete the following steps:




4. In the Services section, select the Component Nickname of the service in which you would like to configure Advanced parameters.

5. Select Advanced.

6. In the System section, verify or enter the following information:

• UTG ID • Max Transmits • Max Circuit Elements • Worker Threads • Cloud Timeout Override – If you are using a UTG4Cloud or UTG4CloudSSL interface, Shift4 Payments

suggests that you set the Cloud Timeout Override at 120 seconds. Since the override setting is for the UTG in the cloud, this will allow time for the local UTG to complete transactions. If you experience data center timeouts happening before the local UTG can finish processing transactions, increase the Cloud Timeout Override setting accordingly.

7. In the Station Name field, you can leave the default setting or enter a name for the UTG station.

8. The Installation Path represents the location where the UTG is installed. The location displayed in Shift4 Command Center must match the actual installation path. This setting should only be changed if the installation path in Shift4 Command Center does not match the actual location of the UTG.

9. (If applicable) In the Signature Compression section, complete the following steps:

• (If applicable) To enable signature compression, complete the following steps:

o Select Signature Compression.




o In the Maximum Bytes field, select the maximum bytes for signature compression.

WARNING! The options listed in this section can be configured as directed. Do not change default settings that are not listed in this document without contacting Shift4 Payments.

10. In the Preferences section, select or enter the following information:

• (If applicable) Select Convert Communication Errors to Referrals if your Interface Vendor System allows handling communication error responses as referrals.

• (If applicable) Select Send Alert Messages to Shift4 to send alert messages to Shift4 Payments, regardless of Mail Server settings.

• (If applicable) Select Transaction Cache Enabled to allow the transaction cache to hold the last hours’ worth of debit transactions and reply with the same response to a duplicate debit request received from an interface.

• In the Low Disk Space Warning Threshold field, enter the minimum amount of disk space to use for trace before sending an alert email notification to the address(es) specified in the Mail Server settings.

11. In the Max Threads section, in the Maximum Threads field, enter the desired amount. The default is 90.

12. In the API Overrides section, select or enter the following information:

• Select Corrupt DataMark Track Data Fix 1 if needed.

13. In the Environment section, select one of the following options:

• Next to Environment, select Production if you have certified and are ready to send real transactions to the processor, or select Test if you are still in the certification process and performing test transactions.

14. (If applicable) In the Memory Monitor section, complete the following steps:

• To enable memory monitoring, complete the following steps:

o Select Memory Monitor to send an email snapshot of memory usage, current status, and current configuration to the destination email address listed in the Destination field.

Note: If Memory Monitor is not selected, Frequency and Destination fields will not be editable.

o In the Frequency List, select the desired option. o In the Destination field, enter the email address to which the data should be sent.

15. In the Trace Configuration section, enter or verify the information in the appropriate field:

• In the Directory field, enter the file path the trace will be saved in. The default path is C:\Shift4\UTG2\UTG Trace.



• In the Max Files field, enter or select the maximum number of trace files. (This is the maximum number of files retained without enabling High Capacity.)

• In the Blocks field, enter or select the number of lines of trace to be displayed in the Filter form. Above this number, the oldest blocks will be discarded from memory.

• In the Bytes Each field, enter or select the amount of trace to save in each file. • (If applicable) In the Suffix field, enter any two-digit character combination. Suffix characters are used to

distinguish these trace files from other trace files. If unused, leave this field blank. • Select Verbose. Selecting Verbose provides complete transaction data in the trace files and is necessary

for any trouble shooting. • (If applicable) Select High Capacity. With High Capacity selected, the trace files will be zipped rather than

overwritten when capacity is reached.

o (If applicable) If High Capacity is selected, enter the Files per Zip (between 8 and 64). This is the number of trace files generated before being zipped.

o (If applicable) Enter the Days Cutoff (between 5 and 120). This is the number of days zipped trace files will be kept before they begin to be overwritten. For example, if 5 is entered, zipped trace files will be stored for 5 days. On the sixth day, the first day’s trace files will be overwritten and the trace subsequently lost.

16. Click Apply.

Configuring Offline Mode Offline mode provides additional functionality and security when the UTG cannot connect to the Shift4 Payments data center and any of the following additional scenarios are true:

• A credit card is not EMV enabled. • The device being used to perform a transaction is not EMV enabled. • An EMV chip is not readable on an attended EMV enabled device and fallback mode is initiated.

In Offline mode, the UTG closely mimics online mode by generating a TrueToken on all authorization and sale requests.

If you choose to take advantage of the Stand-in feature when you set up your API interface, you can set a user-defined dollar amount, located beneath the checkbox, called the Floor Limit. With the Floor Limit set, when the UTG is offline, it returns an approval on all authorization and sale requests that are below the Floor Limit and a referral on all authorization and sale requests that are above the Floor Limit.

The UTG will store the transaction requests below the Floor Limit in an encrypted file. Once back online, the UTG will attempt to authorize those transactions. Any transaction that is unable to be authorized will have to be resolved by the auditor. There is obviously a risk to the merchant when enabling this feature as not all of the transactions may be approved once the UTG comes back online. However, the benefits of being able to accept transactions while offline may be worth the risk.

Note: PIN Debit is not available in Offline Mode since it is not possible to validate the PIN number unless the system is online.



To configure Offline Mode, complete the following steps:




4. In the Services section, select the Component Nickname of the service in which you would like to configure offline mode.

5. Select Offline Mode.

6. In the Offline Level section, verify or enter the following information:

• Select one of the following Offline Level options:

o Never: No number of failed transactions will cause UTG to switch to Offline mode. However, on startup, the UTG will operate in offline mode until it connects to the Shift4 Payments data center.

o Low: Transactions will automatically be sent to the offline queue when the UTG detects 3 failed transactions in the past 2 minutes.

o Medium: Transactions will automatically be sent to the offline queue when the UTG detects 5 failed transactions in the past 2 minutes.

o High: Transactions will automatically be sent to the offline queue when the UTG detects 25 failed transactions in the past 5 minutes.

o Custom: Transactions will be automatically sent to the offline queue when the UTG detects the number of failed transactions in the specified time span. When using the Custom level, you must also set the Count and Time Span fields:

Count: Enter the number of failed transactions required before the UTG automatically switches to Offline mode.

Time Span: Enter the timeframe required for the count to be reached before the UTG switches to Offline mode. If the count is not reached within the specified time span, the internal timer automatically resets.

7. In the Offline Options section, select the desired options:

• Return Error on Void if Offline – When this option is selected, it allows an error message (function not supported in offline mode) to be sent when the POS/PMS is attempting to send a void (08) and the UTG is unable to connect to the data center.

• Decline All Non-Bank Cards – When this option is selected, it returns a declined response for all non-bank cards if the UTG goes into Offline Mode.

Telemetry This is intended to represent the telemetry section of UTG TuneUp. But, telemetry is not currently used.

Tip: To get back to the list of components, click Services in the top menu.




Troubleshooting

Running a Shift4 Command Center Downloaded Installation Package on a Windows 10 Machine If the machine on which you are running the Shift4 Command Center downloaded installation package has a Windows® 10 operating system, you may encounter the following message:

If the message above is displayed, complete the following steps:

1. From the Windows Start menu, select Control panel > Programs and Features > Turn Window features on or off.

Tip: You can enter features in the search field to find Windows features on or off quickly.

2. In the Turn Windows features on or off window, locate and select the .NET Framework 4.5 or higher option.



3. Click OK.

4. Verify the required files are downloaded and applied.



5. Verify the changes were successful. When completed, you should see the following window.

6. At this point, you should be able to run the Shift4 Command Center downloaded installation package.



Dealing with Installation Errors If there is a problem during the package installation, such as a connection issue, an installation may fail to complete properly. When an installation fails, an error message will be displayed. However, the UTG and Agent may have been installed on your machine, and you may see the installation show up in Shift4 Command Center. Depending on the error message, you can attempt the installation again, but you will need to consider the following:

• If a message is displayed that the Verification ID you entered failed, check the following:

o Verify that the correct verification ID was provided and entered. o Verify your installation package has not exceeded the Install Period end date. o If your installation package has exceeded the Install Period end date, or the problem persists, you will

need to contact your Shift4 Command Center Administrator.

• If a message is displayed that the Shift4 Installer was unable to complete the installation process successfully, you can try installing the package again, but before you do so, you will need to complete one of the following:

o If you already have an existing UTG on your machine, locate the Shift4 folder and delete the Command Center subfolder.

In order to delete the Command Center folder, you will need to stop the in4m agent service if it is running.

o If the machine does not have an existing UTG, delete the complete Shift4 folder.

In order to delete the Shift4 folder, you will need to stop the UTG (stand-alone or service) and the in4m agent service if they are running.

Verify that the UTG has been deleted. For example, if you are using Windows 10, go to Control Panel > Programs and Features, and look for Universal Transaction Gateway®.

Note: If you have a problem deleting the Command Center subfolder or the Shift4 folder, you may need to stop the UTG and the Agent under Windows Services.



Generating a Certificate for the UTG You can use the Shift4 Certificate Generator application to generate a certificate authority for use in configuring API Interfaces that require a certificate authority, such as the REST API. The Shift4 Certificate Generator application is available at http://www.shift4.com/downloads/shift4certificategenerator.exe.

To use the Shift4 Certificate Generator to build your own certificate, complete the following steps:

1. Download the Shift4 Certificate Generator application.

2. Run the application.

3. In the Shift4 Certificate Generator window, enter the information for all required fields and any desired optional fields. The required fields include the following:

• Subject Common Name – Enter a name for the certificate. • Organization • Locality – Location City. • State/Province – Location State • Country – Location country • The IP address(es) the UTG will listen on for the REST Interface • Select SelfSigned in the CA Self Signed/Intermediate section • Select Server Authentication • Select Client Authentication • Select CRT – The CRT extension is used for certificates. • Select Embed Key • Enter a Password for the certificate. You will need this password during the installation.

4. Set the valid cert dates in the Dates section. This is the amount of time the certificate can be used before having to be renewed.

• From – The date the certificate will go into effect. • To – The date the certificate will no longer be accepted and must be renewed.

5. Select a Key Size:

• 2048 bit: In general, requests using this certificate will be faster. • 4096 bit: In general, requests using this certificate will be more secure but slower.

http://www.shift4.com/downloads/shift4certificategenerator.exe



6. Click Generate.

7. Select a location to store the certificate and click Save.

8. Close the Shift4 Certificate Generator.



Appendix A: Using Micros Bridge If you are using a Micros POS/PMS with Micros3700, 9700, or SimphonyFe devices, Micros Bridge is a requirement for UTG installation and you will need to include the Micros Bridge in your Command Center profile.

To configure Micros Bridge, complete the following steps:

1. Follow the steps listed in the Creating a New Profile section of this document to create a new profile.

2. After you have completed the Configuring a Connected UTG section of this document for the various profile options, complete these additional steps:

• Under the Profiles tab, select Micros Bridge. • Next to Install Micros Bridge, select Yes. • In the Product field, select the desired product. • In the Install Location field, enter the location the Micros software is currently installed. We will need to

know this location for our Micros Bridge installation. • In the Bridge Install Location, enter the file location where you want Micros Bridge to be installed. • Click Apply.

When you have completed creating the profile and the profile is pushed to a machine, the Micros Bridge will be installed as part of the installation and configuration.



Appendix B: Using the Certificate Generator If your POS/PMS needs a consistent certificate each time it connects to the UTG, even after a UTG reboot you can use the Generate Certificate option to generate a persistent certificate. Some API Interfaces require a certificate authority, such as the REST API. This might also be a good option for browser-based POS/PMS systems.

To generate a self-signed certificate authority (CA) that can be used to generate multiple certificates, complete the following steps:

1. Navigate to https://in4m.4tresspos.com and sign in as a user with required permissions. 2. Under the Accounts menu, select the desired account. 3. From the top menu, select Services. 4. In the Services section, select the component(s) for which the certificate will be generated 5. Select API Interfaces. 6. If you have not created a REST or SSL interface for which you would like to generate a certificate, complete the

following steps:

• Click to add an API interface. • From the list, select an SSL interface, such as REST, TCP/IP SSL, or HTTP SSL. • Complete the New API Interface form, with the exception of the Certificate Information section. • Click Add to create the interface. • Click the SSL or REST interface you just created.

7. In the Certificate Information section, click Generate Certificate. 8. In the Common Name field, enter the fully qualified domain name or IP address that clients will use to reach

your server. This is typically the Host Address setting for the interface that you are generating the certificate for.

9. In the Friendly Name field, enter the IP address of the UTG. 10. In the Organization field, enter the exact legal name of your organization. 11. In the Email Address field, enter the email address that you want to appear in the certificate. 12. In the Locality field, enter the city in which the organization is located. 13. In the State/Province field, enter the state or province where your organization is located. 14. In the Country field, enter the country where your organization is located. This is the 2 character ISO country

code value. For example, the United States ISO code is US. 15. In the Subject Alternative Name (SAN) section, enter the following information:

• Edit Party Name – Not used at this time. • Registered ID – Optional

16. Select one of the following and enter the appropriate information.

• DNS – ex. node.TestOrg.com

o Enter the IP address of the UTG o Enter LocalHost

17. In the Miscellaneous section, leave the Serial Number field blank. 18. In the Certificate Generation Options section select one of the following certificate types:

• CA SelfSign – If selected, Command Center will generate a CA Self Signed certificate. The CA Self Signed certificate cannot be used as a certificate in the UTG. It can only be used to sign CA Intermediate or Self Signed certificates.

• CA Intermediate – If selected, the CA Intermediate certificate can be used to sign Self Signed certificates or other CA Intermediate certificates.




• SelfSigned – If selected, the Self Signed certificate can be used as a certificate in the UTG. It should be noted that some websites may not accepted the certificate if not signed by a separate source (a certificate authority). The CA Self Signed and CA Intermediate certificates can be used to sign the Self Signed certificate.

Certificate Flow

Self Signed CA Self Signed

Self Signed

CA Self Signed

CA Intermediate

Self Signed

CA Self Signed

CA Intermediate

CA Intermediate

Self Signed

CA Self Signed – 0 or 1CA Intermediate – 0 or moreSelf Signed – exactly 1

• Server Authentication – Select Server Authentication if the certificate’s intended use is for server-side applications. This is the most common usage and is used to verify server authentication.

• Client Authentication – Select Client Authentication if the certificate’s intended use is to identify clients/users.

19. In the Cert Type section, select one of the following:

• CRT – The CRT extension is used for certificates. The certificates will be encoded as ASCII PEM. The CRT and PEM extensions are nearly synonymous.

• PEM – This is generally not used. The PEM extension is used for certificates. The certificates will be encoded as ASCII PEM. The CRT and PEM extensions are nearly synonymous.

• PFX – This is generally not used. This is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encrypted file.

• Embed Key – This is generally selected. The Embed Key in CRT/PEM option generates a single file containing both the certificate and key. When not selected, generated CRT files will have separate key files, and private/public PEM files will be created.



Note: Depending on the settings selected, a certificate file and a separate private key file may be generated.

20. In the Date section, set the valid cert dates. This is the amount of time the certificate can be used before having to be renewed.

• From – The date the certificate will go into effect. • To – The date the certificate will no longer be accepted and must be renewed.

21. In the Key Size section, select the size of the RSA key to use for certificate generation. RSA 2048 is the standard key size. Selecting RSA 4096 will utilize a larger key for better security, but will require higher CPU utilization.

22. In the Password field, enter a password for the certificate. 23. Click Generate. 24. Schedule a task to update the UTG to complete the process. 25. Click Apply.

shift4 command center reference guide · profile – the name of a profile that may have been...

Documents