OPC UA communication
9.2 Security at OPC UA
Communication
Function Manual, 12/2017, A5E03735815-AF
147
An X.509 certificate includes the following information:
● Version number of the certificate
● Serial number of the certificate
● Information on the algorithm used by the certificate authority to sign the certificate.
● Name of the certificate authority
● Start and end of the validity period of the certificate
● Name of the program, person or organization for which/whom the certificate has been signed by the certificate authority.
● The public key of the program, person or organization.
An X.509 certificate thus links an identity (the name of a program, person or organization) to the public key of that program, person or organization.
Check during connection establishment
When a connection is established between the client and server, the devices check all information from the certificate that is required to establish integrity, for example signature, validity and application name (URN).
To allow you to check whether a certificate has been manipulated, certificates are signed. There are various possible procedures here:
● You contact a certificate authority (CA) and have your certificate signed.
In this case, the certificate authority checks your identity and signs your certificate with the private key of the certificate authority. To this purpose you send a CSR (Certificate Signing Request) to the certificate authority. The process of creating a CSR with the OpenSSL tool yourself is described here (Page 150).
● You yourself create a certificate and sign it.
To this purpose you use, for example, the "Opc.Ua.CertificateGenerator" program of the OPC Foundation. The procedure is described here (Page 36). Or use OpenSSL: instructions are available under "Generating PKI key pairs and certificates yourself" (Page 151).
● The easiest option: Both options are available in the TIA Portal. The TIA Portal can generate and sign certificates. If you have protected your project and are logged in as a user with the function right to make security settings, you can use the global security settings. The global security settings allow access to the certificate manager and therefore to the certificate authority (CA) of the TIA Portal.