Siemens SIMATIC ET 200AL System Manual page 839

Distributed I/O system
Important: The IP address of the client program has to be stored in the "Subject Alternative
Name" field of the created certificate; otherwise, the CPU will not accept the certificate.
The information you enter is added to the certificate. The figure below shows the command
line with the command and the output of OpenSSL:
The command creates a file in the C:\demo directory containing the Certificate Signing
Request (CSR); in the example, this is "myRequest.csr".
Using the CSR
There are two ways to use a CSR:
● You send the CSR to a certificate authority (CA): Please note the instructions of the
certificate authority in question. The certificate authority (CA) checks your information and
identity (authentication) and signs the certificate with the private key of the certificate
authority. You receive the signed X.509 certificate and use this certificate for OPC UA,
HTTPS or Secure OUC (secure open user communication), for example. Your
communication partners use the public key of the certificate authority to check whether
your certificate was really issued and signed by that CA (i.e. that the certificate authority
has confirmed your information).
● You sign the CSR yourself, using your private key. This option is shown in the next step.
Signing the certificate yourself
Enter the following command to generate and sign your certificate yourself (self-signed
certificate): "x509 -req -days 365 -in myRequest.csr -signkey myKey.key -out
myCertificate.crt".
The figure below shows the command line with the command and the output of OpenSSL:
The command generates an X.509 certificate with the attributes that you transfer with the
CSR (in the example "myRequest.csr"), for example with a validity of one year (-days 365).
The command also signs the certificate with your private key ("myKey.key" in the example).
Your communication partners can use your public key (contained in your certificate) to check
whether your certificate really comes from you. This rules out the certificate having been
manipulated by an attacker without the manipulation being detected.
With self-signed certificates, you yourself confirm that the information in your certificate is
correct. There is no independent body that checks your information.
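The complete sequence the page walks through (private key, CSR, self-signed certificate) as an added shell example; it is not code from the Siemens manual. File names follow the text, while the client IP 192.168.0.10, the subject fields and the function names are assumptions. The example adds the check a practitioner wants before loading the certificate on the CPU: that the IP address really appears in the Subject Alternative Name of the signed certificate. That matters because "x509 -req" does not carry the CSR's extensions into the certificate, so the SAN has to be supplied again with -extfile, otherwise the CPU has no IP to match and rejects the certificate.

```shell
#!/bin/sh
# Added example, not from the Siemens manual. Assumes the openssl CLI is
# installed. 192.168.0.10, the subject fields and the helper names are made up.

# Create private key, CSR and self-signed certificate in directory $1 for the
# OPC UA client whose IP address is $2.
make_client_cert() {
    cdir=$1
    cip=$2
    # 1. private key: stays on the client; only the certificate is handed out
    openssl genrsa -out "$cdir/myKey.key" 2048 2>/dev/null || return 1
    # 2. CSR: the SAN is requested through a config file so this also works on
    #    OpenSSL releases that lack "req -addext"
    cat > "$cdir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = opc-ua-client
O = Example Org
C = DE
[v3_req]
subjectAltName = IP:$cip
EOF
    openssl req -new -key "$cdir/myKey.key" -out "$cdir/myRequest.csr" \
        -config "$cdir/req.cnf" 2>/dev/null || return 1
    # 3. self-sign with the private key, as in the manual's "x509 -req" command.
    #    The CSR extensions are NOT copied by "x509 -req", so the SAN is passed
    #    again via -extfile; without it the CPU would reject the certificate.
    printf 'subjectAltName = IP:%s\n' "$cip" > "$cdir/san.ext"
    openssl x509 -req -days 365 -in "$cdir/myRequest.csr" -signkey "$cdir/myKey.key" \
        -out "$cdir/myCertificate.crt" -extfile "$cdir/san.ext" 2>/dev/null || return 1
}

# The same signing step without -extfile: the SAN from the CSR is silently lost.
sign_without_san() {
    openssl x509 -req -days 365 -in "$1/myRequest.csr" -signkey "$1/myKey.key" \
        -out "$1/noSan.crt" 2>/dev/null
}

# Returns 0 when certificate $1 lists IP address $2 in its Subject Alternative
# Name (the field the CPU matches against the client's IP).
san_has_ip() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -Fq "IP Address:$2"
}

# Returns 0 when the certificate's signature verifies with its own public key,
# i.e. the "really from you and unmodified" check the text describes.
self_signature_ok() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

demo() {
    ddir=$(mktemp -d)
    make_client_cert "$ddir" 192.168.0.10 && echo "key, CSR and certificate written to $ddir"
    san_has_ip "$ddir/myCertificate.crt" 192.168.0.10 && echo "myCertificate.crt: SAN contains 192.168.0.10"
    self_signature_ok "$ddir/myCertificate.crt" && echo "myCertificate.crt: self-signature verifies"
    sign_without_san "$ddir"
    san_has_ip "$ddir/noSan.crt" 192.168.0.10 || echo "noSan.crt: SAN missing, the CPU would reject it"
}
demo
```

The self-signature check only proves that whoever holds myKey.key issued the certificate; as the page notes, nobody independent has vouched for the subject data, so the CPU side still has to be configured to trust exactly this certificate.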
Communication, Function Manual, 12/2017, A5E03735815-AF; OPC UA communication, 9.2 Security at OPC UA, page 153