Setting And Loading Gds Parameters - Siemens SIMATIC ET 200AL System Manual

9.2.7.3

Setting and loading GDS parameters

The following describes the settings required for the certificate update.
Requirement
• STEP 7 (TIA Portal) V17 or higher
• S7-1500 CPU firmware V2.9 or higher
• Timet/date of the CPU is set (generally applies to certificate-based communication)
• The OPC UA server is enabled.
• At least one endpoint with the "Sign & Encrypt" security policy must be configured. The
partner must use this endpoint.
• An authenticated user with sufficient function rights is configured
The user must have a role that has the function right "Manage certificates".
This function right, in turn, has the following requirements:
– Project protection must be enabled in the project tree: Project tree: "Security settings
– In the "OPC UA > General" area of the CPU settings, the following general user
The Users and roles with OPC UA function rights (Page 238) section describes how to set the
function rights.
Activating GDS
When the requirements listed above are met, you must still enable the GDS:
1. In the Inspector window (CPU parameters), go to the "OPC UA > Server > General" area.
2. Enable the "Enable Global Discovery Services (Push)" option.
Determining the certificate store used
Certificates that are managed using GDS, are in a different memory area than the certificates
that are downloaded via the TIA Portal (STEP 7). When GDS is enabled, the OPC UA server of
the CPU should also use certificates from the certificate store whose certificates are managed
during runtime.
1. In the CPU settings, go to the "OPC UA > Server > Security > Certificates" area.
2. Select the option "Use certificates managed by certificate management server during
runtime".
The other option (use certificates configured and downloaded using TIA Portal) uses the
certificates that are downloaded to the CPU from the TIA Portal with the configuration in
CPU STOP. Certificates or trust lists cannot be updated in this certificate store during
runtime.
Communication
Function Manual, 05/2021, A5E03735815-AJ
> Settings > Project protection".
management setting must be enabled: "Enable additional user management via project
security settings"
OPC UA communication
9.2 Security at OPC UA
189