Secure OUC via CP Interface - Siemens SIMATIC ET 200AL System Manual

Distributed I/O system

Open User Communication
6.11 Secure Open User Communication

6.11.4 Secure OUC via CP interface

The following sections describe the particular points to be taken into consideration in the case of Secure Open User Communication via a CP interface. At least one station is an S7-1500 station with the following modules:
● S7-1500 CPU as of firmware version V2.0 (with the exception of S7-1500 Software Controller)
● CP 1543-1 as of firmware version V2.0 or CP 1543SP-1 as of firmware version V1.0
The CP acts in an S7-1500 station as a TLS client (active connection establishment) or a TLS server (passive connection establishment).
The fundamental procedure and the concept for using secure communication via a CP interface are similar to those of secure communication via the interfaces of the S7-1500 CPUs. Essentially, you have to assign the certificates to the CP in the role of a TLS server or TLS client and not to the CPU. Other rules and procedures therefore apply. These are described below.

Handling certificates for CPs

The following applies in general: You have to be logged on at the certificate manager in the global security settings. The generation of self-signed certificates also requires logon for the global security settings. You have to have sufficient rights as a user (administrator or user with the "Standard" role with the right to "Configure security").
The starting point for the generation or assignment of certificates at the CP is the section "Security > Security properties". In this section, you log on for the global security settings.

Procedure:
1. In the network view of STEP 7, mark the CP and select the section "Security > Security properties" in the Inspector window.
2. Click on the "User logon" button.
3. Log on using your user name and password.
4. Enable the "Activate security functions" option.
   The security properties are initialized.
5. Click in the first line of the "Device certificates" table to generate a new certificate or select an existing device certificate.
6. If the communication partner is also an S7-1500 station, you also have to assign a device certificate to the communication partner with STEP 7 as described here or for the S7-1500 CPU.

Function Manual, 12/2017, A5E03735815-AF
Communication
