Requirement: You are connected to the controller.
- First, generate a certificate signing request (CSR) for all required certificates or components. These can also become client certificates (for example, for the OPC UA client). To do this, click the “PLC Shell” tab of the controller. In the input line, type the cert-createcsr command.
  Syntax:
  cert-createcsr [<number retrieved by "cert-getapplist">] [encoding=Base64 | ASN.1]
- Click the “Log” tab and then click the refresh button.
  In the log entries, you can see that the CSR files were generated.
- Click the “Files” tab and open the file path cert/export in the right side of the “Runtime” dialog.
  The export folder contains the generated CSR files.
  Example: 0_CmpsecureChannl.csr, 1_CmpApp.csr, 2_CmpWebServer.csr
- Select a file path where you want to insert the CSR files in the left side of the “Host” dialog, mark the CSR files in the right side of the dialog, and click .
  The CSR files are copied to the required folder.
- These certificate requests can be signed by a certificate authority (CA). As a result, you get a certificate signed by the certificate authority.
- In the steps that follow, you import these signed certificates to your controller.
  After restarting the controller, the CA-signed certificates are used automatically.
  Alternatively, you can use the CODESYS Security Agent to transfer the certificates to the controller. For more information, see: CODESYS Security Agent.
- Select the “Path” cert/import in the right side of the “Runtime” dialog.
- In the left side of the “Host” dialog, select the path in the file system where you saved the signed certificates and select the certificates.
- Click .
  The certificates are copied to the cert/import folder.
- Click the “PLC Shell” tab.
- Type the cert-import own <file name of the certificate.cer> command in the input line of the tab and press the [Enter] key.
  The signed certificates are available to the runtime servers.
In the configuration file of the controller (for example, CODESYSControl.cfg), the name of the organization can be set in the certificate for an OPC UA server with the following entry:
[CmpOPCUAServer]
SECURITY.CompanyOrOrganizationName="<organization name>"
If the CODESYS Security Agent is installed, there is also an option to change the device security settings on the communication tab of the device editor.
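The CA signing step in the procedure above takes place off the controller, between exporting the CSR files and copying the signed certificates to cert/import. The following script is an added example (not part of the CODESYS documentation or tooling) of one way to vet and sign an exported CSR with OpenSSL on the CA host. The function names, the extension policy, the DER output encoding, the reading of "Base64" as PEM, and all demo file names other than 1_CmpApp.csr are assumptions.

```shell
#!/bin/sh
# Added example, not CODESYS tooling: vet and sign an exported CSR on the CA host.

# csr_to_pem CSR OUT: accept a PEM (assumed to match "Base64") or ASN.1/DER file
# and require a valid self-signature, i.e. the requester holds the private key.
csr_to_pem() {
    for fmt in PEM DER; do
        if openssl req -in "$1" -inform "$fmt" -verify -noout 2>&1 |
                grep -q 'verify OK'; then
            openssl req -in "$1" -inform "$fmt" -out "$2" && return 0
        fi
    done
    echo "rejected: $1 has no valid CSR self-signature" >&2
    return 1
}

# sign_csr CSR CA_CERT CA_KEY OUT_CER [DAYS]: issue a DER-encoded certificate.
sign_csr() {
    work=$(mktemp -d) || return 1
    # The CA sets the extensions instead of copying them from the request.
    # Illustrative policy (assumption): adapt it to what the component needs.
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' > "$work/ext.cnf"
    rc=1
    if csr_to_pem "$1" "$work/req.pem" &&
       openssl x509 -req -in "$work/req.pem" -CA "$2" -CAkey "$3" \
           -set_serial "0x$(openssl rand -hex 16)" -sha256 -days "${5:-365}" \
           -extfile "$work/ext.cnf" -outform DER -out "$4"; then
        rc=0
    fi
    rm -rf "$work"
    return "$rc"
}

# demo DIR: constructed throwaway CA plus a constructed DER request that
# stands in for cert/export/1_CmpApp.csr (a real request comes from the PLC).
demo() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
        'CN=unused' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=Constructed Test CA' -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=constructed-plc' -keyout "$1/dev.key" \
        -outform DER -out "$1/1_CmpApp.csr" 2>/dev/null &&
    sign_csr "$1/1_CmpApp.csr" "$1/ca.pem" "$1/ca.key" "$1/1_CmpApp.cer" 90
}

if [ "${1:-}" = demo ]; then d=$(mktemp -d) && demo "$d" && echo "issued $d/1_CmpApp.cer"; fi
```

In production the CA key stays on the CA host and the device key never leaves the controller; only the CSR and the issued certificate are moved between them.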
See also: PLC Shell