Technical basics
3.8 Security functions
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
59
NAT translation and firewall rules
You will find an example of NAT translations on the Internet pages of Siemens Industry
Online Support.
Link: (https://support.industry.siemens.com/cs/ww/en/view/109744660)
3.8.6 Certificates
Certificate types
The device uses different certificates to authenticate the various nodes.
The CA certificate is a certificate issued by a Certificate Authority from
which the server, device and partner certificates are derived. To allow a
certificate to be derived, the CA certificate has a private key signed by
the certificate authority.
The key exchange between the device and the VPN gateway of the
partner takes place automatically when establishing the connection. No
manual exchange of key files is necessary.
Server certificates are required to establish secure communication (e.g.
HTTPS, VPN...) between the device and another network participant.
The server certificate is an encrypted SSL certificate. The server
certificate is derived from the oldest valid CA, even if this is "out of
service". The crucial thing is the validity date of the CA.
certificate
Certificates with the private key (key file) with which the device
identifies itself.
Certificates with which the VPN gateway of the partner identifies itself
with the device.
File types
File that contains the certificate.
In the PKCS12 certificate file, the private key is stored with the corresponding
certificate and is password protected.
The CA creates a certificate file (PKCS12) for both ends of a VPN connection
with the file extension ".p12". This certificate file contains the public and private
key of the local station, the signed certificate of the CA and the public key of the
Certificate and key as Base64-coded ASCII text.
To Next Page
Loading...
