# Appendix

# Security Requirements

This article provides a summary of the security requirements necessary when using any of the Fire Station+ products (such as the Department Hub).

### Domains and IP Addresses

The following domains used by Fire Station+

- hub.firestationsoftware.com
- id.firestationsoftware.com
- apparatus-checks.platform.firestationsoftware.com
- field-reports.firestationsoftware.com

The following IP addresses are used by Fire Station+

- 159.89.244.89
- 45.55.64.197
- 45.55.69.140
- 45.55.66.17
- 159.203.150.119
- 159.65.33.78

<p class="callout warning">This list is subject to change.</p>

---

### Certificate Trust

Fire Station+ uses HTTPS to encrypt data sent over the internet. The SSL certificate used to establish a trusted connection is distributed by Let's Encrypt. Your computer must include the ISRG Root X1 certificate as a trusted root CA certificate. This should be included automatically, under most circumstances.

If you need to install this certificate, it can be downloaded using the following link:

[https://letsencrypt.org/certs/isrgrootx1.pem](https://letsencrypt.org/certs/isrgrootx1.pem)

The SHA-1 fingerprint of this certificate is:

```
CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
```

If this certificate is not trusted you may see an error stating that "The SSL Connection could not be established".

[![1-error.png](https://docs.firestationsoftware.com/uploads/images/gallery/2024-08/scaled-1680-/1-error.png)](https://docs.firestationsoftware.com/uploads/images/gallery/2024-08/1-error.png)

---

### TLS/HTTPS Requirements

Fire Station+ is compatible with TLS 1.2 or TLS 1.3 and supports the following ciphers.

- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384