Handling of the client certificates of the S7-1500 CPU - Siemens SIMATIC ET 200AL System Manual

Distributed i/o system

OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
To enable a security setting, click the check box in the relevant line.
Note
If you use the settings "Basic256Sha256 -Sign" and "Basic256Sha256 -Sign & Encrypt", the
OPC UA server and OPC UA clients must use "SHA256"-signed certificates.
For the settings "Basic256Sha256 -Sign" and "Basic256Sha256 -Sign & Encrypt", the
certificate authority of STEP 7 automatically signs the certificates with "SHA256".
9.3.2.6 Handling of the client certificates of the S7-1500 CPU

Where does the client certificate come from?
If you are using the OPC UA client of an S7-1500 CPU (OPC UA client enabled), you can
create certificates for these clients with STEP 7 V15 and higher as described in the following
sections.
When you use UA clients from manufacturers or the OPC Foundation, a client certificate is
generated automatically during installation or upon the first program call. You have to import
these certificates with the global certificate manager in STEP 7 and use them for the
respective CPU.
When you program an OPC UA client yourself, you can have the certificates generated by
the program; see the section "Instance certificate for the client (Page 138)". Alternatively,
you can generate certificates with tools, for example with OpenSSL or the certificate
generator of the OPC Foundation:
● The procedure for OpenSSL is described here: "Generating PKI key pairs and certificates
yourself (Page 151)".
● Working with the certificate generator of the OPC Foundation is described here: "Creating
self-signed certificates (Page 150)".
Certificate of the OPC UA client of the S7-1500 CPU
A secure connection between the OPC UA server and an OPC UA client is only established
if the server classifies the certificate of the client as trusted.
Therefore you have to make the client certificate known to the server.
The following sections describe how you can initially generate a certificate for the OPC UA
client of the S7-1500 CPU and then make it available to the server.
1. Generate and export a certificate for the client
For a secure connection you have to generate a client certificate and export the certificate.
To do this, follow these steps:
1. In the "Project tree" area, select the CPU you want to use as a client.
2. Double-click "Device configuration".
172
Function Manual, 12/2017, A5E03735815-AF
Communication
