Siemens SIMATIC RF650R Configuration Manual page 83

Configuring with the WBM
7.3 The menu items of the WBM

Parameter: Validate certificates
Description: If the check box is selected, the reader generally checks the certificate of the communications partner. If the partner certificate is invalid or not trustworthy, communication is aborted.

Parameter: Accept expired certificates
Description: If the check box is selected, the reader checks the certificate of the communications partner. If the current internal reader time is outside the period of validity of the partner certificate, this is nevertheless allowed and communication established.

Parameter: No strict validation
Description: If the check box is selected, the reader also allows communication in the following situations:
- The IP address of the communications partner is not identical to the IP address in its certificate.
  Note: The OPC UA server does not check the IP address of its communications partner (client).
- The use stored in the certificate (OPC UA client/server) differs from the function (OPC UA client/server) of the communications partner.
- The current internal reader time is outside the period of validity of the partner certificate.
Regardless of these exceptions, to establish a connection at least the following requirements must be met:
- The application URI sent by the requesting client must match the URI of the server application of the reader.
- If the partner certificate is not trustworthy, the reader must at least have stored a self-signed certificate of the partner.
- If the partner certificate was issued by several CAs (Certification Authorities), all CAs must be stored in the certificate store of the reader.

OPC UA client certificates
The "OPC UA client certificates" area contains a list of all existing user certificates. To
display details of a certificate, select the required certificate in the list. The selected
certificate field is highlighted in color.
Client certificates displayed in red have not yet been classified as trustworthy by the OPC
UA server. The client of such a certificate cannot yet establish a valid connection to the
server. Client certificates displayed in black have already been accepted and are classified
as trustworthy by the OPC UA server.
With a certificate shown in red, click the "Accept" button to classify the certificate as
trustworthy. The color of the certificate then changes to black. Click the "Delete" button to
delete an existing selected certificate. Click the "Update" button to update the list.

Import OPC UA server certificate
In the "Import OPC UA server certificate" area you can transfer server certificate files (*.der)
and server certificate key files for the OPC UA server to the reader. Remember that you first
need to import the data into the reader before you can activate it.
Using the server certificates, you can integrate the reader in your specific security
infrastructure. Certificates are used to check the identity of a person or a device, to
authenticate a service or to encrypt files. You can create your own certificates or use official
certificates created by a certification authority.

SIMATIC RF650R/RF680R/RF685R
Configuration Manual, 03/2018, C79000-G8976-C386-06
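The following Python sketch is an added example, not code from Siemens or from the reader's firmware. It models how the "Accept expired certificates" and "No strict validation" check boxes described on this page combine when "Validate certificates" is selected, and reports which failed checks each setting waives. The `Partner` fields, the check names and the sample values are constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime

@dataclass
class Partner:
    """Constructed summary of a partner certificate and connection (hypothetical names)."""
    not_before: datetime
    not_after: datetime
    cert_ip: str              # IP address stored in the certificate
    peer_ip: str              # address the partner is actually reached at
    cert_usage: str           # "client" or "server", as stored in the certificate
    peer_role: str            # function the partner actually has
    uri_matches: bool         # application URI requirement is met
    trusted: bool             # certificate is classified as trustworthy
    self_signed_stored: bool  # reader holds the partner's self-signed certificate
    cas_stored: bool          # every issuing CA is in the reader's certificate store

def evaluate(p, now, accept_expired=False, no_strict=False):
    """Model of the parameter table with "Validate certificates" selected.
    Returns (allowed, waived, failed): a bool and two lists of check names."""
    waived, failed = [], []

    def check(ok, name, relaxed=False):
        if not ok:
            (waived if relaxed else failed).append(name)

    check(p.not_before <= now <= p.not_after, "validity period",
          accept_expired or no_strict)
    if p.peer_role == "server":   # per the note, client IP addresses are not checked
        check(p.cert_ip == p.peer_ip, "IP address", no_strict)
    check(p.cert_usage == p.peer_role, "certificate usage", no_strict)
    # Requirements the table lists as applying regardless of the exceptions:
    check(p.uri_matches, "application URI")
    check(p.trusted, "trust", no_strict and p.self_signed_stored)
    check(p.cas_stored, "issuing CAs stored")
    return not failed, waived, failed

# Constructed sample: an expired server certificate presented from a different IP.
NOW = datetime(2018, 3, 1)
SAMPLE = Partner(datetime(2015, 1, 1), datetime(2017, 1, 1), "192.0.2.10",
                 "192.0.2.20", "server", "server", True, True, False, True)

if __name__ == "__main__":
    for opts in ({}, {"accept_expired": True}, {"no_strict": True}):
        print(opts, evaluate(SAMPLE, NOW, **opts))
    bad_uri = replace(SAMPLE, uri_matches=False)
    print("URI mismatch:", evaluate(bad_uri, NOW, no_strict=True))
```

For the sample, "Accept expired certificates" waives only the validity period, while "No strict validation" also waives the IP address check, so a connection that strict validation would abort is established.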