Types of Certificates

Filebased certificates can be used

Also WindowsCertificateStore certificates can be used

Filebased certificates

WinCC OA allows creating certificates that can be used for WinCC OA Features. The default certificates are located in the /config directory of the WinCC OA project and must be replaced by own PKI certificates in order to guarantee a secure communication/authentication.

For "How to create certificates" - see the chapters Panel for SSL Certificates, HTTPS (SSL Connections) as well as Root Certificate & the Trusted Certification Authorities for Browsers for the HTTP Server, the chapter WebView.ewo Certificate Handling for the webView.ewo and OPC UA Certificates for the use OPC UA certificates.

WindowsCertStore

Selected features of WinCC OA can access certificates stored in the Windows Certificate Store.

Usage of the Windows Certificate Store is documented in section Windows Certificate Store. You can open the Windows Certificate Store via the start menu by typing "cert" in the search field. See also chapter Windows Certificate Store.

Certificate File Format

The certificate file extension used by WinCC OA features is *.pem. This is the most commonly used format for certificates. The .crt file extension is also a PEM format but with the difference that the certificate can be viewed under Windows. The most used file extensions used for .pem are .cer, .crt, .pem or .key (used for the private key).

The following default certificates are created with the Standard project option - see chapter Create Project.

CAUTION: The certificate files for MProxy and Web Server must be in .pem format to be readable! For the MXProxy you can also use Windows certificate store certificates.
Table 1. WinCC OA Default Certificates
Feature Public Key Private Key
SSA user-cert.pem user-key.pem
MXProxy host-cert.pem host-key.pem
HTTP Server certificate.pem privkey.pem
Root Certificate (Root CA) root-cert.pem

root-privkey.pem