Certificates With Opc Ua - Siemens SIMATIC ET 200AL System Manual

9.2.3

Certificates with OPC UA

Usage of X509 certificates with OPC UA
OPC UA uses various types of X.509 certificates for establishing a connection from client to
server:
• OPC UA application certificates
Such X.509 certificates identify the software instance, the installation of client or server
software. For the "Organization name" attribute, you enter the name of the company that
uses the software.
Note
The OPC UA server of the S7-1500 uses application certificates even for the security
setting "None" (no security). This ensures compatibility to OPC UA V1.1 and earlier
versions.
• OPC UA software certificates
This X-509 certificate identifies a specific version of the client or server software. These
certificates contain attributes that describe which tests this version of the software has
passed during certification by the OPC Foundation (or recognized test laboratories). For
the "Organization name" attribute, you enter the name of the company that has
developed or markets the software.
Note
Software certificates are not supported in STEP 7.
• OPC UA user certificates
This X.509 certificate identifies the specific user who, for example, retrieves process data
from the OPC UA server. This certificate is not required if the user can authenticate itself
with a password, or if anonymous access is configured.
Note
User certificates are not supported in STEP 7.
The described certificates are end-entity certificates: They identify, for example, a person, an
organization, a company or an instance (installation) of a software.
Communication
Function Manual, 05/2021, A5E03735815-AJ
OPC UA communication
9.2 Security at OPC UA
177