Siemens SIMATIC RF185C Operating Instructions Manual page 73

Parameter
Generate OPC UA
server certificate
Validate certificates
Accept
expired
certificates
No strict
validation
OPC UA client certificates
The "OPC UA client certificates" area contains a list of all existing user certificates. To
display details of a certificate, select the required certificate in the list. The selected
certificate field is highlighted in color.
Client certificates displayed in red have not yet been classified as trustworthy by the OPC
UA server. A client using such a certificate cannot yet establish a valid connection to the
server. Client certificates displayed in black have already been accepted and are classified
as trustworthy by the OPC UA server.
With a certificate shown in red, click the "Accept" button to classify the certificate as
trustworthy. The cover of the certificate then changes to black. Click the "Delete" button to
delete an existing selected certificate. Click the "Update" button to update the list.
SIMATIC RF185C, RF186C, RF188C
Operating Instructions, 10/2018, C79000-G8976-C512-01
Description
Button for creating an OPC UA server certificate.
Among other things the server certificate serves to identify the OPC UA server
to the OPC UA client.
The OPC UA server certificate contains the application name, the security
profile and the IP address of the communications module. If any part of this
information is changed, the server certificate needs to be recreated.
Note: Note that the procedure can take several minutes.
If the check box is selected, the communications module generally checks the
certificate of the communications partner. If the partner certificate is invalid or
not trustworthy, communication is aborted.
If the check box is selected, the communications module checks the certificate
of the communications partner. If the current internal communications module
time is outside the period of validity of the partner certificate, this is neverthe-
less allowed and communication established.
If the check box is selected, the communications module also allows commu-
nication in the following situations:
The IP address of the communications partner is not identical to the IP
•
address in its certificate.
Note: The OPC UA server does not check the IP address of its communi-
cations partner (client).
The use stored in the certificate (OPC UA client/server) differs from the
•
function (OPC UA client/server) of the communications partner.
The current internal communications module time is outside the period of
•
validity of the partner certificate.
Regardless of these exceptions, to establish a connection at least the follow-
ing requirements must be met:
The application URI sent by the requesting client must match the URI of
•
the server application of the communications module.
If the partner certificate is not trustworthy, the communications module
•
must at least have stored a self-signed certificate of the partner.
If the partner certificate was issued by multiple CAs (Certification Authori-
•
ties), all CAs must be stored in the certificate store of the communications
module.
Configuring with the WBM
7.3 The menu items of the WBM
73