Example: Http Over Tls - Siemens SIMATIC ET 200AL System Manual

Distributed I/O system

Secure Open User Communication to a mail server (SMTP over TLS)
An S7-1500 CPU can establish a secure connection to an e-mail server with the
communication instruction TMAIL_C.
The system data types TMail_V4_SEC and TMail_QDN_SEC allow you to specify the partner
port of the e-mail server and thus to reach the e-mail server via "SMTP over TLS".
Figure 3-13: Secure OUC between a S7-1500 CPU and a mail server
A secure e-mail connection requires that the root certificate and the intermediate
certificates of the mail server (provider) are imported into the global certificate memory
of the S7-1500 CPU. With these certificates the CPU can check the server certificate that
the mail server sends while the TLS connection / session is being established.
To import the certificates of the mail server, proceed as follows:
1. Open the certificate manager in the global security settings in the project tree.
2. Select the appropriate table (trusted certificates and root certificate authorities) for the certificate to be imported.
3. Right-click in the table to open the shortcut menu. Click "Import" and import the required certificate or the required CA certificates.
   As a result of the import, the certificate is assigned a certificate ID and can be assigned to a module in the next step.
4. Select PLC_1 and navigate to the "Certificates of partner devices" table in the "Protection & Security" section.
5. Click in an empty line in the "Certificate subject" column to add the imported certificates.
6. Select the required CA certificates of the communication partner from the drop-down list and confirm the selection.
In the next step you have to create the user programs for the e-mail client function of the
CPU and load the configurations together with the program.
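
Why both the root certificate and the intermediate certificates have to be in the trust store can be reproduced on a PC. The following is an added example, not part of the Siemens manual and not the CPU's implementation: it assumes the `openssl` command line tool, builds a constructed demo PKI (all names and file names are made up), and models a verifier that builds the chain only from imported certificates and requires it to end at a self-signed root.

```shell
#!/bin/sh
# Added example: constructed demo PKI (root CA -> intermediate CA -> mail server).
# All names (Demo Root CA, mail.example.test, file names) are made up for this demo.

# sign <dir> <name> <CN> <issuer> <ext-section>: new key plus certificate signed by <issuer>.
sign() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -extfile "$1/pki.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

# Create root.pem, int.pem, leaf.pem and bundle.pem (root + intermediate) in <dir>.
build_demo_chain() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' 'prompt=no' \
        '[dn]' 'CN=Demo Root CA' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf]' 'basicConstraints=CA:FALSE' 'subjectAltName=DNS:mail.example.test' \
        > "$1/pki.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/pki.cnf" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    sign "$1" int "Demo Intermediate CA" root ca &&
    sign "$1" leaf "mail.example.test" int leaf &&
    cat "$1/root.pem" "$1/int.pem" > "$1/bundle.pem"
}

# chain_ok <trust store> <server certificate>: exit status 0 if the chain validates.
# -partial_chain is not used, so the chain must reach a self-signed root.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

tmp=$(mktemp -d) && build_demo_chain "$tmp" || exit 1
# Try three trust stores: root only, intermediate only, root plus intermediate.
for store in root.pem int.pem bundle.pem; do
    if chain_ok "$tmp/$store" "$tmp/leaf.pem"; then r=accepted; else r=rejected; fi
    echo "imported: $store -> server certificate $r"
done
rm -rf "$tmp"
```

Only the store that holds the root and the intermediate certificate accepts the server certificate; running the same `openssl verify` check against the provider's real CA files before importing them shows whether a certificate of the chain is still missing.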
3.6.1.6 Example: HTTP over TLS

The following paragraphs show how the mechanisms described are used to establish secure
communication between a Web browser and the Web server of an S7-1500 CPU.
First, the changes to the "Permit access only with HTTPS" option in STEP 7 are described.
As of STEP 7 V14, you can influence the server certificate of the Web server of an
S7-1500 CPU as of firmware V2.0: as of these versions, the server certificate is generated
with STEP 7.
In addition, the processes are illustrated that are executed when a website of the CPU Web
server is called with a Web browser of a PC through an encrypted HTTPS connection.
Communication Function Manual, 05/2021, A5E03735815-AJ
Communications services, 3.6 Secure Communication