Using Self-Created Certificates - Siemens SINAMICS S120 Function Manual

7.28.11.3

Using self-created certificates

If no Certification Authority (CA) is available in your organization, you can follow the steps
described in the following section. The key files are created with the aid of the "OpenSSL"
program and an EXE file. If OpenSSL is not installed on your PC, you can download this
program from the following Internet site and install it free-of-charge:
http://openssl.org/
Note
It is assumed that OpenSSL is installed to C:\OpenSSL. If another path is selected, this path
must be transferred to the tool when called with the option "-o".
Sequence
1. Create a folder with any name on your local drive, e.g. "C:\MySSL".
2. Copy the "cert.exe" tool to the created folder.
3. Execute the tool with the following options: "cert -c -s -p".
4. Copy the server certificate (e.g. MWSSLCert.pem) and the private server key (e.g.
Drive functions
Function Manual, (FH1), 04/2014, 6SL3097-4AB00-0BP4
The tool is located on the SINAMICS memory card in the
"ADDON\SINAMICS\IT_TOOLS" folder.
Example: "cert -c 169.254.11.5 -s -p"
A Certification Authority is created, after which a private server key and a server
certificate are generated and the certificate signed.
The following files are stored in the folder (e.g. "C:\MySSL"):
"c:\MySSL\CA\ITDiagRootCA.crt"
"c:\MySSL\CA\ITDiagRootCA.key"
"c:\MySSL\out\<IP address>\<IP addr>.SSL.crt"
"c:\MySSL\out\<IP address>\<IP addr>.SSL.key"
Note
For help with calling, use option -h: "cert -h".
SSL.key) to the memory card of your device (\OEM\SINAMICS\HMICFG\CERTSTORE).
In order to copy the data to the memory card, you need a memory card reader/writer.
Note
If you want to generate the server certificate automatically from the Web server, only copy
the root certificate and the private root key (e.g. ITDiagRootCA.key) to the memory card.
Basic functions
7.28 Web server
421