Node-RED - Security

The Security tab allows you to set the security certificates and to change Node-RED settings. Additionally, the User Management can be accessed by clicking the button at the bottom right.

Note: If the settings in the Security tab are changed, the Node-RED server will restart.
Figure 1. Security tab in the Node-RED Wizard

Security Certificates

To use the WWS-Server with server-side authentication a host certificate and a host key file are needed. After installation Node-RED uses the default certificates. In production environments as well as in standard projects these default certificates must not be used. Instead new certificates have to be created. For more detailed information, see also the SSL Certificate Panel.

Upon Start of the Node-RED server with concurrent start of the WebSocket server the certificates are specified or created in a separate dialog.

Figure 2. certificate dialog

An existing host certificate and host key file can be selected, or a new certificate is created with the option "Open SSL certificate panel".

  • In the root certificate section, the root certificate, root private key file and the associated password, that were created with the project creation must be entered.

  • In the host certificate section, a free certificate is created. Here, the user running the WebSocket server has to be entered in the "Role/User (optional)" field.

  • After specifying the certificates, the WebSocket server is started, which has to be confirmed with the Pmon user.

Additional Settings

You can change the Node-RED server's IP adress and port, if a different server has to be used. In case a server and client setup is used, this address should be the address of the server used (e.g.: 192.162.152.11), instead of localhost (127.0.0.1).

The session expiration time can be adjusted. The logged-in user is logged out automatically after the set time. However, any running flows started by the user will continue to run.

You can also change the recorded debug level. This increases the level of detail included in the debug messages in the Overview tab.

  • info - provides information about the general running of the application

  • debug - provides more detailed information than info

  • trace - provides a very detailed logging record

User Management

The User Management sets up, removes and organizes the available Node-RED users.

The Node-RED Users are created specifically for Node-RED and are only applicable within the Node-RED Wizard. That means they can not be used elsewhere in WinCC OA.

At least one Node-RED User with administrator rights must always exist.

Figure 3. User Management

A new Node-RED User is created in a separate dialogue box. The User sets a password and can also receive administrator privileges in the Node-RED Wizard. Creating a new Node-RED User prompts the automatic creation of a WinCC OA User with the same user data. This WinCC OA User is used to start the WebSocket Secure server. However, another WinCC OA user may be employed for this.

Figure 4. create new user dialog