Siemens SIMATIC S7-1500 Function Manual page 193

OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
Explanation of fields for certificate generation
● CA
Select whether the certificate is to be self-signed or signed by one of the CA certificates
of the TIA Portal. The certificates are described under "Certificates with OPC UA". If you
want to generate a certificate that is to be signed by one of the CA certificates of the
TIA-Portal, the project must be protected and you must be logged in as a user with all the
required function rights. Further information can be found under "Basics of user
administration in the TIA Portal".
● Certificate holder
The default setting always consists of the name of the project and "\OPCUA-1". In the
example, the project name is "PLC1". In the properties of the CPU set the project name
under "General > Project information" > Name". Keep the default or enter a different
name that is more meaningful for the OPC-UA server under "Certificate holder".
● Signature
Here you select the hash and encryption process that is to be used when signing the
server certificate. The following entries are available:
– "sha1RSA",
– "sha256RSA".
● Valid from
Here you enter the date and time for the beginning of the validity of the server certificate.
● Valid until
Here you enter the date and time for the end of the validity of the server certificate.
Ensure that the certificate is valid not only for one year or a few years. In the example the
certificate is valid for 30 years. However, for reasons of security you should renew the
certificate at much shorter intervals. The long period of validity gives you the opportunity
to decide when a suitable moment would be, for example, when the system is being
serviced.
192
Function Manual, 11/2019, A5E03735815-AH
Communication