Secure Web Server Access; Rtutil500 Configuration - ABB RTU500 series User Manual

RTU500 series Remote Terminal Unit

7 Secure Web server access

7.1 RTUtil500 configuration

For secure access, the RTU500 series Web server supports Hypertext Transfer Protocol Secure
(HTTPS). HTTPS is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to
provide encryption and secure identification of the server. Detailed information about HTTPS could
be found in RFC2818 "HTTP Over TLS".
For the identification the RTU500 series Web server uses as default self-signed public key certificates
not issued by a certification authority (CA). The default self-signed certificates are created at startup
depending on the configuration. In addition the RTU500 series Web server supports the upload of
external generated HTTPs certficates. This allows to use trusted certificates issued by a certification
authority (CA).
Client authentication with user certificates is not supported by the RTU500 series. The authentication
of the user is ensured by a user name and a password.
For security reasons, the web client has to be closed after each working session. This prevents
the usage of supplied user names and passwords by unauthorized persons.
The following chapters describe configuration, access and certificate handling for the secured
RTU500 series Web server.
The configuration parameters for the Web server access are defined for each CMU respectively
Ethernet interface within an RTU. The following parameters are configurable within RTUtil500:
• Option to disable the Web server on selected Ethernet interfaces. This is possible in single and
multiple CMU systems. The Web server must be enabled on at least one Ethernet interface to
be able to access the RTU at all. The Web server is enabled on all Ethernet interfaces by de-
fault.
• Option to secure the Web server access with HTTPS. This option can be selected on each
CMU. The HTTPS option is enabled by default
• Define the authentication type for the secure Web server. Possible are the default self-signed
certificate or an uploaded external certificate stored in the certificate store of the CMU.
• Set an entry in the certificate store of the CMU to upload external HTTPS certificates for the
Web server authentication.
In RTUtil500 the option to disable the Web server is placed at the CMU in the configuration tab of the
Ethernet interface, e.g." E1" (Hardware tree only). The figure below shows the option in the RTUtil500
user interface. The Web server is disabled by deselecting the checkbox "Enable Web server".
A D V I C E
Secure Web server access
RTUtil500 configuration
ABB AG - 1KGT 150 924 V000 1 | 7-1