OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
Communication
168 Function Manual, 12/2017, A5E03735815-AF
Alternatively, you can also generate a server certificate yourself.
The certificate of the server is transferred from the server to the client during establishment
of a connection. The client checks the certificate.
The client user decides whether the server certificate is to be trusted.
The user at the client side now has to decide whether the server certificate is to be trusted. If
the user trusts the server certificate, the client stores the server certificate in its directory
containing the trusted server certificates.
The following example shows a dialog of the client "UA Sample Client". When the user clicks
the "Yes" button, the client trusts the server certificate:
Figure 9-10 Dialog of the client "UA Sample Client"
Generating server certificates with STEP 7 (Page 174)
Secured transferring of messages (Page 154)
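The trust decision described above can be made against a thumbprint instead of a bare click on "Yes". The following is an added example, not code from this manual or from the "UA Sample Client": it assumes a self-programmed client, a hypothetical trusted directory with one file per SHA-256 thumbprint, and a thumbprint of the CPU's server certificate that the operator has obtained out of band (for example at the engineering station).

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def thumbprint(der: bytes) -> str:
    # SHA-256 over the DER-encoded certificate, lowercase hex.
    return hashlib.sha256(der).hexdigest()


def is_trusted(der: bytes, trusted_dir: Path) -> bool:
    # True only if this exact certificate is already in the trusted directory.
    stored = trusted_dir / (thumbprint(der) + ".der")
    return stored.is_file() and hmac.compare_digest(stored.read_bytes(), der)


def accept_server_cert(der: bytes, expected_fp: str, trusted_dir: Path) -> bool:
    # Store the certificate as trusted only if it matches the thumbprint the
    # operator obtained out of band; on a mismatch the store stays untouched.
    if is_trusted(der, trusted_dir):
        return True
    # Accept "AB:CD:...", "ab cd ..." or plain hex as typed by an operator.
    expected = expected_fp.replace(":", "").replace(" ", "").lower()
    if not hmac.compare_digest(thumbprint(der).encode(), expected.encode()):
        return False
    trusted_dir.mkdir(parents=True, exist_ok=True)
    (trusted_dir / (thumbprint(der) + ".der")).write_bytes(der)
    return True


def demo() -> dict:
    # Constructed byte strings standing in for DER certificates (not real X.509).
    genuine = b"constructed-DER-bytes-of-the-CPU-server-certificate"
    other = b"constructed-DER-bytes-of-an-unexpected-certificate"
    hexfp = thumbprint(genuine).upper()
    out_of_band = ":".join(hexfp[i:i + 2] for i in range(0, len(hexfp), 2))
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "trusted"
        return {
            "unknown_before": is_trusted(genuine, store),
            "mismatch_accepted": accept_server_cert(other, out_of_band, store),
            "genuine_accepted": accept_server_cert(genuine, out_of_band, store),
            "genuine_later": is_trusted(genuine, store),
            "other_later": is_trusted(other, store),
        }


if __name__ == "__main__":
    print(demo())
```

On later connections only `is_trusted` is needed: a server presenting a different certificate than the stored one is treated as unknown again and goes back through the thumbprint comparison.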
Where does a client certificate come from?
When you use UA clients from manufacturers or the OPC Foundation, a client certificate is
generated automatically during installation or upon the first program call. You have to import
these certificates via the global certificate manager in STEP 7 and use them for the
corresponding CPU (as shown above).
When you program an OPC UA client yourself, you can have the certificates generated by
the program; see the section "Instance certificate for the client (Page 138)". Alternatively,
you can generate certificates with tools, for example with OpenSSL or the certificate
generator of the OPC Foundation:
● The procedure for OpenSSL is described here: "Generating PKI key pairs and certificates
yourself (Page 151)".
● Working with the certificate generator of the OPC Foundation is described here: "Creating
self-signed certificates (Page 150)".