dl-breadcrumbs__homedl-breadcrumb-item__separatorConfiguration and programmingdl-breadcrumb-item__separatorProgramming with CODESYSdl-breadcrumb-item__separator...dl-breadcrumb-item__separatorCODESYS Development Systemdl-breadcrumb-item__separatorSecuritydl-breadcrumb-item__separatorFAQdl-breadcrumb-item__separatorCA-signed certificates preferred (PLC shell)
dl-pagination__prev-inactivedl-pagination__prev-activedl-pagination__next-inactivedl-pagination__next-active
CA-signed certificates preferred (PLC shell)dl-permalink__symbolPermalink

Using CA-signed certificates is not conveniently supported yet in CODESYS. However, you can still request and use these types of certificates. In the device editor, on the “PLC Shell” tab, you export the required CSR files to the file system and import from there the CER files sent from the certification authority.

Requesting and providing a CA-signed certificate

You are connected to the controller.

  1. First you generate certificate signing requests (CSR) of all server certificates.

    For this purpose, click the “PLC Shell” tab of the controller and type the command ‎cert-createcsr‎ in the input line.

  2. Click the “Log” tab and then the refresh button (_cds_icon_update).

    In the log entries, you can see that the CSR files were generated.

  3. Click the “Files” tab and open the file path ‎cert/export‎ in the right side of the “Runtime” dialog.

    The ‎export‎ folder contains the generated CSR files, for example ‎0_CmpsecureChannl.csr, 1_CmpApp.csr, 2_CmpWebServer.csr‎.

  4. Select a file path where you wish to insert the CSR files in the left side of the “Host” dialog, mark the CSR files in the right side of the dialog, and click _cds_button_double_arrow_left.

    The CSR files are copied to the required folder.

  5. These requests can be signed for certification signing by a certificate authority (CA), and then you receive a signed certificate from the certification authority.

  6. In the steps that follow, you import these signed server certificates to your controller.

    NOTICE

    NOTICE
    NOTICE
    NOTICE

    NOTICE

    NOTICE

    Caution: Self-signed certificates of the server must be deleted before importing the CA-signed certificates.

  7. Select the “Path” ‎cert/import‎ in the right side of the “Runtime” dialog.

  8. In the left side of the “Host” dialog, select the path in the file system where you saved the signed certificates and selected the certificates.

  9. Click _cds_button_double_arrow_right.

    The certificates are copied to the ‎cert/import‎ folder.

  10. Click the “PLC Shell” tab.

  11. Type the command ‎cert-import own <file name of the certificate.cer>‎ in the input line of the tab and press the [Enter] key.

    The signed certificates are available to the runtime system servers.