Siemens SIMATIC ET 200AL System Manual page 1180

Supplying a Web browser with a CA certificate of the Web server
In the Web browser the user who accesses the websites of the CPU through HTTPS should
install the CA certificate of the CPU. If no certificate is installed, a warning is output
recommending that you do not use the page. To view this page, you must explicitly "Add an
exception".
The user receives the valid root certificate for download from the "Intro" Web page of the CPU
Web server under "Download certificate".
STEP 7 offers a different possibility: Export the CA certificate of the project with the certificate
manager into the global security settings in STEP 7. Subsequently import the CA certificate
into the browser.
Course of the secure communication
The figure below shows, in simplified terms, how communication is established
("handshake") focusing on the negotiation of keys used for data exchange (here with HTTP
over TLS).
However, the course can be applied to all communication options that are based on the
usage of TLS, i.e. also for Secure Open User Communication (see Basics for secure
communication).
Figure 3-14
Communication
Function Manual, 05/2021, A5E03735815-AJ
Handshake with https
Communications services
3.6 Secure Communication
59