Communications services
3.6 Secure Communication
Communication
Function Manual, 12/2017, A5E03735815-AF
Secure Open User Communication between an S7-1500 CPU as TLS server and an external device as TLS client
If the S7-1500 CPU acts as TLS server and the external device, for example an ERP system
(Enterprise Resource Planning System), establishes the TLS connection / session, you
require the following certificates:
● For the S7-1500 CPU, you generate a device certificate (server certificate) with a private
key and download it with the hardware configuration into the S7-1500 CPU. You use the
"Signed by certificate authority" option when generating the server certificate.
The private key is required for the key exchange as explained in the figure for the
example "HTTP over TLS".
● You have to export the CA certificate of the STEP 7 project for the ERP system and
import / load it into the ERP system. With the CA certificate the ERP system verifies the
server certificate of the S7-1500 that was transferred from the CPU to the ERP system
during the establishment of the TLS connection / session.
Figure 3-12 Secure OUC between an S7-1500 CPU and ERP system
The required steps are described in the preceding sections.
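The client side of this setup, as an added Python example (not code from the manual or from Siemens): the external device trusts only the CA certificate exported from the STEP 7 project, so the handshake fails unless the CPU presents a server certificate signed by that CA. The function names, the PEM file, host and port arguments and the TLS 1.2 minimum are assumptions of this example, and the hostname check assumes the server certificate's subject alternative name contains the address used to connect.

```python
import socket
import ssl
import sys


def make_erp_client_context() -> ssl.SSLContext:
    """TLS client context for the external device; trusts no CA yet."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking and,
    # unlike ssl.create_default_context(), leaves the system CA store out.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # client policy (assumption)
    return ctx


def trust_project_ca(ctx: ssl.SSLContext, ca_pem_path: str) -> int:
    """Import the exported project CA certificate; return the CA count."""
    ctx.load_verify_locations(cafile=ca_pem_path)
    return ctx.cert_store_stats()["x509_ca"]


def describe_policy(ctx: ssl.SSLContext) -> dict:
    """Summarise what the context will accept, for a pre-flight check."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
        "trusted_cas": ctx.cert_store_stats()["x509_ca"],
    }


def connect_to_cpu(ctx: ssl.SSLContext, host: str, port: int) -> dict:
    """Handshake with the CPU; raises ssl.SSLCertVerificationError when the
    server certificate is not signed by the imported CA or does not match host."""
    with socket.create_connection((host, port), timeout=5.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"tls": tls.version(), "subject": tls.getpeercert()["subject"]}


if __name__ == "__main__":
    ctx = make_erp_client_context()
    print("before import:", describe_policy(ctx))  # trusted_cas is 0
    if len(sys.argv) == 4:  # usage: script.py <exported-ca.pem> <cpu-host> <port>
        trust_project_ca(ctx, sys.argv[1])
        print("after import:", describe_policy(ctx))
        print(connect_to_cpu(ctx, sys.argv[2], int(sys.argv[3])))
```

Until the project CA is imported the context trusts no issuer at all, so a misconfigured client fails closed instead of falling back to the operating system's CA store.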
Secure Open User Communication to a mail server (SMTP over TLS)
An S7-1500 CPU can establish a secure connection to an e-mail server with the
communication instruction TMAIL_C.
The system data types TMail_V4_SEC and TMail_QDN_SEC allow you to determine the
partner port of the e-mail server and thus to reach the e-mail server via "SMTP over TLS".
Figure 3-13 Secure OUC between an S7-1500 CPU and a mail server