Siemens SIMATIC ET 200AL System Manual page 1205

Communications services
3.6 Secure Communication
Settings at the TLS client
To set up a secure TCP connection in the TLS client, follow these steps:
1. Create a global data block in the project tree.
2. Define a tag of the data type TCON_IP_4_SEC in the global data block. To do so, enter the
string "TCON_IP_V4_SEC" in the "Data type" field.
The example below shows the global data block "Data_block_1" in which the tag "SEC
connection 1 TLS-Client" of the data type TCON_IP_V4_SEC is defined.
The Interface ID has the value of the HW identifier of the IE interface of the local CP (TLS
client).
Figure 3-29 IP_V4_SEC_Client
3. Set the connection parameters of the TCP connection in the "Start value" column. For
example, enter the IPv4 address of the TLS server for "RemoteAddress".
4. Set the parameters for secure communication in the "Start value" column.
– "ActivateSecureConn": Activation of secure communication for this connection. If this
– "TLSServerCertRef": Enter the value 2 (reference to the CA certificate of the TIA Portal
– "TLSClientCertRef": ID of the own X.509-V3 certificate.
84
parameter has the value FALSE, the subsequent security parameters are irrelevant. You
can set up a non-secure TCP or UDP connection in this case.
project (SHA256) or the value 1 (reference to the CA certificate of the TIA Portal project
(SHA1)). If you use a different CA certificate, enter the corresponding ID from the
certificate manager of the global security settings.
Function Manual, 05/2021, A5E03735815-AJ
Communication