Open User Communication
6.11 Secure Open User Communication
Communication
Function Manual, 11/2019, A5E03735815-AH
105
4. Set the parameters for secure communication in the "Start value" column.
– "ActivateSecureConn": Activation of secure communication for this connection. If this
parameter has the value FALSE, the subsequent security parameters are irrelevant.
You can set up a non-secure TCP or UDP connection in this case.
– "TLSServerReqClientCert ": Request for an X.509-V3 certificate from the TLS client.
Enter the value "true".
– "TLSServerCertRef": ID of the own X.509-V3 certificate.
– "TLSClientCertRef": Enter the value 2 (reference to the CA certificate of the TIA Portal
project (SHA256) or the value 1 (reference to the CA certificate of the TIA Portal
project (SHA1)). If you use a different CA certificate, enter the corresponding ID from
the certificate manager of the global security settings.
5. Create one of the instructions TSEND_C, TRCV_C or TCON in the program editor.
6. Interconnect the CONNECT parameter of the instruction TSEND_C, TRCV_C or TCON
with the tags of the data type TCON_IP_V4_SEC.
Upload device as new station
When you upload a configuration with certificates and configured secure Open User
Communication as a new station into your STEP 7 project, the certificates of the CP are not
uploaded, in contrast to the certificates of the CPU. After the device has been loaded as a
new station, no more certificates are contained in the corresponding tables of the CPs for the
device certificates.
You have to perform configuration of certificates again after the upload. Otherwise, renewed
loading of the configuration results in the certificates that originally exist in the CP being
deleted so that secure communication does not function.
Secure OUC connections via CPU and CP interfaces - similarities
● Connection resources:
No differences between OUC and secure OUC. A programmed secure OUC connection
uses a connection resource just like an OUC connection, irrespective of which
IE/PROFINET interface communicates with the station.
● Connection diagnostics:
No differences between OUC and secure OUC connection diagnostics.
● Loading of projects with secure OUC connections into the CPU:
Only possible in STOP of the CPU, if certificates are loaded as well.
Recommendation: Load to device > Hardware and software. Reason: Ensuring the
consistency between the program with secure OUC, hardware configuration and
certificates.
Certificates are loaded with the hardware configuration - therefore loading requires a stop
of the CPU. The reloading of blocks that utilize further secure OUC connections is only
possible in RUN if the certificates required for this purpose are already located on the
module.
To Next Page
Loading...
Need help?
General
