Siemens SIMATIC S7-1500 Function Manual page 47

Communications services
3.6 Secure Communication
When you double-click "User login" in the project tree below the global security settings and
log in, a line called "Certificate manager" is displayed, among other data.
When you double-click the "Certificate manager" line, you obtain access to all the certificates
in the project, divided into the tabs "CA" (certificate authorities), "Device certificates" and
"Trusted certificates and root certificate authorities".
Private keys
STEP 7 generates private keys while generating device certificates and server certificates
(end-entity certificates). The location where the private key is stored encrypted depends on
the use of the global security settings for the certificate manager:
● If you use global security settings, the private key is stored encrypted in the global
(project-wide) certificate memory.
● If you do not use global security settings, the private key is stored encrypted in the local
(CPU-specific) certificate memory.
The existence of the private key, which is required to decrypt data, for example, is displayed
in the "Private key" column of the "Device certificates" tab of the certificate manager in the
global security settings.
When the hardware configuration is loaded, the device certificate, the public key as well as
the private key are loaded into the CPU.
NOTICE
The "Use global security settings for certificate manager" option influences the previously
used private key: If you have already created certificates without using the certificate
manager in the global security settings and then change the option for using the certificate
manager, the private keys are lost and the certificate ID can change. A warning draws your
attention to this fact. Therefore specify at the beginning of the project configuration which
option is required for the certificate manager.
46
Function Manual, 11/2019, A5E03735815-AH
Communication