Communications services
3.6 Secure Communication
Communication
Function Manual, 12/2017, A5E03735815-AF
Proceed as follows to add the self-signed certificate of the communication partner of the
CPU:
1. Select PLC_1 and navigate to the "Certificates of partner devices" table in the "Protection
& Security" section.
2. Click in an empty line in the "Certificate subject" column in the "Device certificates" table
to add a new certificate.
3. Select the self-signed certificate of the communication partner from the drop-down list
and confirm the selection.
In the next step you have to create the user programs for the data exchange and load the
configurations together with the program.
Secure Open User Communication between S7-1500 CPU as a TLS client and an external device as a TLS server
Two devices are to exchange data with each other via a TLS connection or TLS session, for
example, exchanging recipes, production data or quality data:
● An S7-1500 CPU (PLC_1) as TLS client; the CPU uses Secure Open User Communication
● An external device, for example a Manufacturing Execution System (MES), as TLS server
The S7-1500 CPU establishes the TLS connection / session to the MES system as TLS
client.
The S7-1500 CPU requires the CA certificates of the MES system to authenticate the TLS
server: the root certificate and, if appropriate, the intermediate certificates for verifying the
certificate path.
You have to import these certificates into the global certificate memory of the S7-1500 CPU.
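Before importing, it is worth confirming that the CA certificates at hand really complete the certificate path of the MES server certificate. The following shell script is an added example, not part of this manual: it uses the openssl command line to build a constructed root CA, intermediate CA and server certificate (all subjects and file names are made up) and checks whether a given set of CA certificates is sufficient on its own, assuming the verifier sees only the server certificate.

```shell
#!/bin/sh
# Added example. All names, subjects and file names are constructed for the demo.

# issue <dir> <name> <subject> <extfile> [<issuer-name>]: create key + certificate;
# self-signed when no issuer is given, otherwise signed by <issuer-name>.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -out "$1/$2.csr" -subj "$3" >/dev/null 2>&1 || return 1
  if [ -z "$5" ]; then
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 2 \
      -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  else
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.pem" -CAkey "$1/$5.key" \
      -set_serial 2 -days 2 -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  fi
}

# build_demo_chain <dir>: root CA -> intermediate CA -> MES server certificate.
build_demo_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mes.example.test\n' > "$1/leaf.ext"
  issue "$1" root "/CN=Demo Root CA" "$1/ca.ext" &&
  issue "$1" inter "/CN=Demo Intermediate CA" "$1/ca.ext" root &&
  issue "$1" mes "/CN=mes.example.test" "$1/leaf.ext" inter
}

# path_verifies <ca-bundle.pem> <server.pem>: succeeds only if the bundle alone
# completes the path from the server certificate up to a self-signed root.
path_verifies() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: compare "root only" with "root + intermediate" as the set to import.
work=$(mktemp -d) && build_demo_chain "$work" || exit 1
cat "$work/root.pem" "$work/inter.pem" > "$work/import-set.pem"
for bundle in root import-set; do
  if path_verifies "$work/$bundle.pem" "$work/mes.pem"; then
    echo "$bundle.pem: certificate path complete"
  else
    echo "$bundle.pem: certificate path incomplete"
  fi
done
rm -rf "$work"
```

With real files only path_verifies is needed: pass it the concatenated PEM CA certificates exported from the MES system and the MES server certificate.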
Proceed as follows to import certificates of the communication partner:
1. Open the certificate manager in the global security settings in the project tree.
2. Select the appropriate table (trusted certificates and root certificate authorities) for the
certificate to be imported.