Home
Security
Go beyond the norm in cybersecurity.
Security Features
Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this.
Certificates
Required for the Use of Certificates

Security
Go beyond the norm in cybersecurity.
- Security Features
  Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this.
  - WinCC OA Authorization Concept
  - Certificates
  - Login
  - Login Framework
    The WinCC OA login framework provides a framework that is easy to extend. The WinCC OA login panels can be easily replaced by user-specific panels without having to re-implement the functionality.
  - Server Side Authentication
  - User-defined Login
  - Authentication via Kerberos, basics
    In a more and more networking world, a WinCC OA system could be exposed to different types of attacks. An unauthorized WinCC OA system could connect to the distribution manager or hackers could try to manipulate WinCC OA messages.
  - Encryption
- Multiplexing Proxy
  The WinCC OA Multiplexing Proxy Manager is used to increase the security of your WinCC OA projects.
- Siemens CERT Portal – Accessing Security Information for WinCC OA
  Learn how to access security advisories and updates relevant to WinCC OA through the Siemens ProductCERT portal by filtering for "WinCC OA".
- Further References

Required for the Use of Certificates

To use certificates in a WinCC OA project:

Root CA (Root Certificate Authority)

Obtain the certificates from a well-known certificate authority such as VeriSign.

or use either the

Project Administration

To create a Standard project - see chapter Create Project. Standard project option creates a server-side authentication project for managers or for UI managers. Then use the "Generate automatically" option of the "New Project" wizards to create certificates automatically.

or

Manual Creation via SSL Certificates Panel

To create certificates - see chapter Panel for SSL Host Certificates and set config entries in order to use the ceated certificates - see chapters Config Entries for MxProxy and HTTP Server, Config Entries for SSA for Managers and Config Entries for the Reporting Manager for Reporting. NOTE that only the config entries: httpAuth, httpsPort and sslCertificate of the reporting manager are relevant here.
Note:
Note that self-signed certificates and an own root certificate authority are created in the process via Project Administration or the SSL Certificates Panel. Note that you must replace the default certificates with your own certificates.

Note:
The openssl.cnf is the configuration file for the OpenSSL toolkit. The openssl.cnf file is used as input for creating certificates for mxProxy or SSA.
In our panels for creating certificates, the configuration is read from the openssl.cnf. The file therefore already contains the settings required in WinCC OA.

You can find an example of how to manually generate certificates using OpenSSL commands in our Security Guideline. The example provided is from the default OpenSSL installation, which is located in the wincc_oa_path/bin directory. However, note that this OpenSSL configuration is not used by WinCC OA.

Feature-specific Certificate Configurations

The use of certificates for the WebView.ewo and OPC UA is described in feature-specific chapters: WebView.ewo Certificate Handling and OPC UA Certificates for the use OPC UA certificates as well as Root Certificate & the Trusted Certification Authorities for Browsers for the HTTP Server. For the description of the certificates for the Mobile UI Application, see chapter Mobile Application Interface.

Feature-specific Configurations

Some features require specific settings. The settings are described in the feature-specific chapters.

Multiplexing Proxy: Configuration of the Multiplexing Proxy
SSA for Managers: Requirements and Installation
HTTP Server: HTTP Server Requirements and Installation
- Mobile UI: Configuration
- ULC UX: Configuration
- NodeRED: Node-RED - Admin
- Dashboard: Requirements and Installation
- Desktop UI: Configuration
Reporting Manager: Requirements and Installation
WebView.ewo: WebView.ewo
OPC UA: OPC UA - Establish Communication
Mobile UI: Configuration
S7 driver: S7 Driver Configuration
Video Feature: Configuration of the Video Server