Siemens SIMATIC S7-1500 Function Manual page 155

OPC UA communication
9.2 Security at OPC UA
7. Generate a private key. Save the key to the "myKey.key" file. The key in this example is
1024 bits long; for greater RSA security, use 2048 bits in practice. Enter the following
command: "genrsa -out myKey.key 2048" ("genrsa -out myKey.key 1024" in the
example). The figure below shows the command line with the command and the output of
OpenSSL:
8. Generate a CSR (Certificate Signing Request). To do this, enter the following command:
"req -new -key myKey.key -out myRequest.csr". During execution of this command,
OpenSSL queries information about your certificate:
– Country name: for example "DE" for Germany, "FR" for France
– State or province name: for example "Bavaria".
– Location Name: for example "Augsburg".
– Organization Name: Enter the name of your company.
– Organizational Unit Name: for example "IT"
– Common Name: for example "OPC UA client of machine A"
– Email Address:
Note
Note for S7-1500 CPU as server with firmware version V2.5
The IP address of the client program has to be stored in the "Subject Alternative Name" field
of the created certificate for S7-1500 CPUs version V2.5 (only for this version); otherwise,
the CPU will not accept the certificate.
The information you enter is added to the certificate. The figure below shows the command
line with the command and the output of OpenSSL:
The command creates a file in the C:\demo directory containing the Certificate Signing
Request (CSR); in the example, this is "myRequest.csr".
154
Function Manual, 11/2019, A5E03735815-AH
Communication