Configuration
4.9 Security
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
You export the certificate of the CP for communications partners from third-party vendors in
much the same way as when importing (see above). Follow the steps outlined below:
1. In the STEP 7 project open the global certificate manager:
   Global security settings > Certificate manager
2. Open the "Device certificates" tab.
3. In the table select the row with the required certificate and select the shortcut menu "Export".
4. Save the certificate in the file system of the PC of the connected engineering station.
Now you can transfer the exported certificate of the CP to the system of the third-party
vendor.
Certificate for logging server
If you use a logging server in your system, export the SSL certificate for the authentication of
the CP on the server.
Change certificate: Subject Alternative Name
STEP 7 adopts the properties "DNS name", "IP address", and "URI" from the parameter
"Subject Alternative Name" (Windows: "Alternative applicant name") from the STEP 7
configuration data.
You can change this parameter of a certificate in the certificate manager of the global
security settings. To do this, select a certificate in the table of device certificates and call
the shortcut menu "Renew". Properties of the parameter "Alternative name of the certificate
owner" changed in STEP 7 are not adopted by the STEP 7 project.
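Before the exported certificate is imported on the third-party system, its Subject Alternative Name entries and fingerprint can be checked against the values expected for the CP. The following shell functions are an added example, not part of the original operating instructions; they assume the OpenSSL command line tool (1.1.1 or later for the sample generator) and a PEM or DER encoded export, and all file names, host names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the operating instructions). Assumes the OpenSSL
# command line tool and an exported certificate in PEM or DER encoding.

# Emit the certificate as PEM whether the exported file is PEM or DER.
cert_to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -outform PEM 2>/dev/null
}

# List the Subject Alternative Name entries, one per line,
# in OpenSSL's notation: "DNS:...", "IP Address:...", "URI:...".
cert_san_list() {
    cert_to_pem "$1" | openssl x509 -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if the certificate carries exactly the given SAN entry.
# An unreadable or SAN-less file yields no entries and therefore fails.
cert_san_has() {
    cert_san_list "$1" | grep -Fxq -- "$2"
}

# SHA-256 fingerprint, for an out-of-band comparison between the
# engineering station's copy and the copy received by the partner.
cert_sha256() {
    cert_to_pem "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# Constructed sample: a self-signed certificate standing in for an exported
# CP certificate (hypothetical names and addresses), written as PEM and DER.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cp-sample" \
        -addext "subjectAltName=DNS:cp.example.test,IP:192.0.2.10,URI:urn:example:cp" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null &&
        openssl x509 -in "$1.pem" -outform DER -out "$1.der"
}

# Demonstration on the constructed sample.
tmp=$(mktemp -d)
make_sample_cert "$tmp/cp"
cert_san_list "$tmp/cp.der"
cert_san_has "$tmp/cp.der" "IP Address:192.0.2.10" && echo "SAN matches expected address"
cert_sha256 "$tmp/cp.pem"
rm -rf "$tmp"
```

The fingerprint is computed over the DER encoding, so the PEM and DER forms of the same certificate give the same value.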
4.9.10 VPN
4.9.10.1 VPN (Virtual Private Network)
VPN tunnel
Virtual Private Network (VPN) is a technology for secure transportation of confidential data in
public IP networks, for example the Internet. With VPN, a secure connection (tunnel) is set
up and operated between two secure IT systems or networks via a non-secure network.
One of the main features of the VPN tunnel is that it forwards all frames even from protocols
of higher layers (HTTP, FTP etc.).
The data traffic between two network components is transported practically unrestricted
through another network. This allows entire networks to be connected together via a
neighboring or intermediate network.