Generating Pki Key Pairs And Certificates Yourself - Siemens SIMATIC ET 200AL System Manual

Distributed i/o system

8. The program generates for "MyClient":
– The "MyClient" certificate with the public key of the client in the "certs" subfolder
– The private key of the client in the "private" subfolder.
"MyClient" is only an example. Let us assume that your OPC UA client is called
"SuperClient". Then enter the following string in the command prompt:
"Opc.Ua.CertificateGenerator -cmd issue -sp . -an SuperClient". The figure below shows
the entry in the command line:
Help with other generator versions
The description is based on the "Opc.Ua.CertificateGenerator" of the OPC Foundation dated
25 June 2015. A different entry can be required for other versions of the generator. To obtain
information about the required entry follow these steps:
1. Enter the following command in the command prompt: "Opc.Ua.CertificateGenerator -?"
The help is displayed.
2. Use the options that are entered under "Create a self-signed Application Certificate".
9.2.5 Generating PKI key pairs and certificates yourself

This section is only relevant if you want to use an OPC UA client that cannot itself create a
PKI key pair and a client certificate. In this case, you generate a private and a public key
using OpenSSL, generate an X.509 certificate, and sign the certificate yourself.
Using OpenSSL
OpenSSL is a tool for generating certificates. You can also use other tools, for example
XCA, a type of key management software with a graphical user interface for an improved
overview of certificates issued.
To work with OpenSSL under Windows, follow these steps:
1. Install OpenSSL under Windows. If you are using a 64-bit version of the operating
system, install OpenSSL in the "C:\OpenSSL-Win64" directory, for example. You can
obtain OpenSSL-Win64 as a download from various providers for open source software.
2. Create a directory, for example "C:\demo".
3. Open the command line (cmd.exe). To do so, click "Start" and enter "cmd" in the search
field. Right-click "cmd.exe" in the results list and run the program as an administrator.
Windows then opens the command line (DOS prompt).
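
One way to carry out what this section describes (private key, X.509 certificate, self-signature) from the command line opened in step 3, as an added example that is not part of the manual. Assumptions: the client is called SuperClient, its OPC UA application URI is urn:SuperClient:demo, its host name is superclient-pc, and openssl.exe sits in C:\OpenSSL-Win64\bin.

```bat
@echo off
rem Added example, not from the manual. Assumed names: SuperClient, Example,
rem urn:SuperClient:demo (client application URI), superclient-pc (host name).
setlocal
rem Assumption: openssl.exe is in the "bin" subfolder of the install directory.
set "PATH=C:\OpenSSL-Win64\bin;%PATH%"
cd /d C:\demo || exit /b 1

rem Minimal request configuration, so the result does not depend on the
rem defaults of whichever openssl.cnf the installed build ships with.
rem subjectAltName carries the client's application URI, which OPC UA servers
rem compare with the URI the client announces when it connects.
(
  echo [req]
  echo prompt = no
  echo distinguished_name = dn
  echo x509_extensions = opcua_client
  echo [dn]
  echo CN = SuperClient
  echo O = Example
  echo [opcua_client]
  echo basicConstraints = critical,CA:FALSE
  echo subjectKeyIdentifier = hash
  echo subjectAltName = URI:urn:SuperClient:demo,DNS:superclient-pc
  echo keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
  echo extendedKeyUsage = clientAuth
) > SuperClient.cnf

rem 1. Private key (2048-bit RSA). The file is written unencrypted: keep it
rem    on the client and restrict file access to the account that runs it.
openssl genrsa -out SuperClient.key 2048 || exit /b 1

rem 2. X.509 certificate holding the public key, self-signed with that key.
openssl req -new -x509 -sha256 -days 365 -config SuperClient.cnf ^
  -key SuperClient.key -out SuperClient.crt || exit /b 1

rem 3. DER copy, for tools that expect binary rather than PEM certificates.
openssl x509 -in SuperClient.crt -outform der -out SuperClient.der || exit /b 1

rem 4. Review subject, validity and extensions before distributing the file.
openssl x509 -in SuperClient.crt -noout -text
```

Only the certificate (SuperClient.crt or its DER copy) is handed to the server to be trusted; SuperClient.key stays on the client.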
Communication
Function Manual, 12/2017, A5E03735815-AF
OPC UA communication
9.2 Security at OPC UA