Configuration
4.9 Security
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
73
So that the CP can communicate with non-Siemens partners when the security functions are
enabled, the relevant certificates of the partners must be exchanged during communication.
To supply the CP with third-party certificates, follow the steps below:
1.
Importing third-party certificates from communications partners
⇒ Global security settings of the project (certificate manager)
2.
Assigning certificates locally
⇒ L
ocal security settings of the CP ("Certificate manager" table)
These two steps are described in the next two sections.
Importing third-party certificates from communications partners
Import the certificates of the communications partners of third-party vendors using the
certificate manager in the global security settings. Follow the steps outlined below:
1.
Save the third-party certificate in the file system of the PC of the connected engineering
station.
2.
In the STEP 7 project open the global certificate manager:
Global security settings > Certificate manager
3.
Open the "Trusted certificates and root certification authorities" tab.
4.
Click in a row of the table can select the shortcut menu "Import".
5.
In the dialog that opens, import the certificate from the file system of the engineering
station into the STEP 7 project.
Assigning certificates locally
To be able to use an imported certificate for the CP, you need to specify it in the "Security"
parameter group of the CP. Follow the steps outlined below:
1.
In the STEP 7 project select the CP.
2.
Navigate to the parameter group "Security > Certificate manager".
3.
In the table, double-click on the cell with the entry "<Add new>".
The "Certificate manager" table of the Global security settings is displayed.
4.
In the table. select the required third-party certificate and to adopt it click the green check
mark below the table.
The selected certificate is displayed in the local table of the CP.
Only now will the third-party certificate be used for the CP.
Exporting certificates for applications of third-party vendors (e.g. logging server)
For communication with applications of third-party vendors, the third-party application
generally also requires the certificate of the CP.