Siemens SIMATIC ET 200AL System Manual page 1176


Secure Open User Communication between S7-1500 CPU as a TLS client and an external device as a TLS server
Two devices are to exchange data with each other via TLS connection or TLS session, for
example, exchanging recipes, production data or quality data:
• An S7-1500 CPU (PLC_1) as TLS client; the CPU uses Secure Open User Communication
• An external device, for example a Manufacturing Execution System (MES), as TLS server
The S7-1500 CPU establishes the TLS connection / session to the MES system as TLS client.
The S7-1500 CPU requires the CA certificates of the MES system to authenticate the TLS
server: The root certificate and, if appropriate, the intermediate certificates for verifying the
certificate path.
You have to import these certificates into the global certificate memory of the S7-1500 CPU.
Proceed as follows to import certificates of the communication partner:
1. Open the certificate manager in the global security settings in the project tree.
2. Select the appropriate table (trusted certificates and root certificate authorities) for the
certificate to be imported.
3. Right-click in the table to open the shortcut menu. Click "Import" and import the required
certificate or the required CA certificates.
On import, the certificate is assigned a certificate ID and can be assigned to
a module in the next step.
4. Select PLC_1 and navigate to the "Certificates of partner devices" table in the "Protection &
Security" section.
5. Click in an empty line in the "Certificate subject" column to add the imported certificates.
6. Select the required CA certificates of the communication partner from the drop-down list
and confirm the selection.
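
An offline pre-import check, added here as an example (not part of the Siemens manual or of STEP 7): on a workstation with the OpenSSL command line, confirm that the CA certificates you plan to import are sufficient to verify the MES server certificate's path. The function names, file names and the constructed test PKI (root, intermediate, server for the made-up host mes.example.internal) are assumptions for the demonstration.

```sh
# verify_path SERVER_CERT CA_CERT...
# Returns 0 only if SERVER_CERT chains to the listed CA certificates alone.
verify_path() {
    server=$1; shift
    bundle=$(mktemp) || return 1
    cat "$@" > "$bundle"
    rc=0
    # -no-CApath keeps the workstation's own trust store out of the result.
    openssl verify -no-CApath -purpose sslserver -CAfile "$bundle" "$server" \
        >/dev/null 2>&1 || rc=$?
    rm -f "$bundle"
    return "$rc"
}

# make_test_pki DIR: constructed root -> intermediate -> server chain.
# Every name here is made up for the demonstration.
make_test_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mes.example.internal\n' > "$d/srv.ext"
    for n in root inter server; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=Example $n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 30 -extfile "$d/ca.ext" -out "$d/inter.pem" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 30 -extfile "$d/srv.ext" -out "$d/server.pem" \
        2>/dev/null || return 1
}

demo() {
    t=$(mktemp -d) || return 1
    make_test_pki "$t" || { rm -rf "$t"; return 1; }
    # Compare importing the root alone with importing root plus intermediate.
    for cas in "root.pem" "root.pem inter.pem"; do
        if (cd "$t" && verify_path server.pem $cas); then
            echo "import [$cas]: certificate path verifies"
        else
            echo "import [$cas]: certificate path does NOT verify"
        fi
    done
    rm -rf "$t"
}
demo
```

With real files, call `verify_path` with the server certificate exported from the MES system followed by the CA certificates selected for import; a non-zero exit status means a certificate in the path is still missing from the set.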
Optionally the MES system can also request a device certificate of the CPU to authenticate the
CPU (i.e., the TLS client). In this case, the CA certificates of the CPU must be made available to
the MES system. The prerequisite for importing the certificates into the MES system is a
preceding export of the CA certificates from the STEP 7 project of the CPU. Follow these
steps:
1. Open the certificate manager in the global security settings in the project tree.
2. Select the matching table (CA certificate) for the certificate to be exported.
Communication
Function Manual, 05/2021, A5E03735815-AJ
Communications services
3.6 Secure Communication