Certificates - Siemens SIMATIC NET SCALANCE S615 Configuration Manual

Industrial ethernet security web based management

Technical basics
2.5 Security functions

2.5.3 Certificates

Certificate types
The device uses different certificates to authenticate the various nodes.

| Certificate | Description |
|---|---|
| CA certificate | The CA certificate is a certificate issued by a Certificate Authority from which the server, device and partner certificates are derived. To allow a certificate to be derived, the CA certificate has a private key signed by the certificate authority. The key exchange between the device and the VPN gateway of the partner takes place automatically when establishing the connection. No manual exchange of key files is necessary. |
| Server certificate | Server certificates are required to establish secure communication (e.g. HTTPS, VPN...) between the device and another network node. The server certificate is an encrypted SSL certificate. The server certificate is derived from the oldest valid CA, even if this is "out of service". The crucial thing is the validity date of the CA. |
| Device certificate | Certificates with the private key (key file) with which the device identifies itself. |
| Partner certificate | Certificates with which the VPN gateway of the partner identifies itself with the device. |

File types

| File type | Description |
|---|---|
| *.crt | File that contains the certificate. |
| *.p12 | In the PKCS12 certificate file, the private key is stored with the corresponding certificate and is password protected. The CA creates a certificate file (PKCS12) for both ends of a VPN connection with the file extension ".p12". This certificate file contains the public and private key of the local station, the signed certificate of the CA and the public key of the CA. |
| *.pem | Certificate and key as Base64-coded ASCII text. |
Is used in...
IPsecVPN (Page 164)
SINEMA RC (Page 121)
IPsecVPN (Page 164)
IPsecVPN (Page 164)
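
As an added example (not part of the Siemens manual), the following Python code identifies the file types described above by content rather than by extension and flags PEM private keys that are stored without encryption, a check worth running before a key file is handed over for loading onto a device. The function name, the result fields and the sample bytes are constructed for illustration, and the DER checks are header heuristics.

```python
import re

# PEM block: "-----BEGIN <LABEL>-----" ... "-----END <LABEL>-----"
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify(data: bytes) -> dict:
    """Identify a certificate file by content and summarise what it exposes."""
    info = {"format": "unknown", "certificates": 0,
            "private_keys": 0, "unprotected_keys": 0}
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        info["format"] = "PEM"
        for label, body in blocks:
            if label == b"CERTIFICATE":
                info["certificates"] += 1
            elif label.endswith(b"PRIVATE KEY"):
                info["private_keys"] += 1
                # PKCS#8 encrypted keys have their own label; legacy keys
                # carry a "Proc-Type: 4,ENCRYPTED" header inside the block.
                if not (label == b"ENCRYPTED PRIVATE KEY"
                        or b"Proc-Type: 4,ENCRYPTED" in body):
                    info["unprotected_keys"] += 1
        return info
    # Binary DER: outer SEQUENCE tag 0x30, then short- or long-form length.
    if len(data) > 4 and data[0] == 0x30:
        skip = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
        inner = data[skip:skip + 3]
        if inner == b"\x02\x01\x03":   # PFX version INTEGER 3: PKCS#12
            info["format"] = "PKCS12"  # contents need the password to list
        elif inner[:1] == b"\x30":     # nested SEQUENCE: X.509 layout (heuristic)
            info["format"] = "DER certificate"
            info["certificates"] = 1
    return info

# Constructed samples: dummy Base64 bodies and header bytes, no real key material.
PEM_PLAIN = (b"-----BEGIN CERTIFICATE-----\nTUlJQ2R1bW15\n-----END CERTIFICATE-----\n"
             b"-----BEGIN PRIVATE KEY-----\nTUlJRXZkdW1teQ==\n-----END PRIVATE KEY-----\n")
PEM_ENCRYPTED = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nTUlJRmR1bW15\n"
                 b"-----END ENCRYPTED PRIVATE KEY-----\n")
P12_HEADER = bytes.fromhex("3082092a020103308208f0")
DER_CERT_HEADER = bytes.fromhex("308203a53082028d")

if __name__ == "__main__":
    for name, blob in [("pem-plain", PEM_PLAIN), ("pem-encrypted", PEM_ENCRYPTED),
                       ("p12", P12_HEADER), ("der-cert", DER_CERT_HEADER)]:
        print(name, classify(blob))
```

A non-zero `unprotected_keys` count means the private key is readable by anyone who obtains the file, unlike the password-protected PKCS12 container.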
SCALANCE S615 Web Based Management
Configuration Manual, 05/2015, C79000-G8976-C388-02
