Types of Certificates
Filebased certificates can be used
- for the Server-side Authentication for Managers
- for the Multiplexing Proxy
- for the HTTP Server
- The HTTP certificates are used for Mobile UI Application, ULC UX, NodeRED and Dashboard
- for the WebView.ewo
- for the Reporting Manager and
- for OPC UA
- S7 Driver
- Video Feature
Also WindowsCertificateStore certificates can be used
- for the Server-side Authentication for Managers and
- for the Multiplexing Proxy
Filebased certificates
WinCC OA allows creating certificates that can be used for WinCC OA Features. The default certificates are located in the /config directory of the WinCC OA project and must be replaced by own PKI certificates in order to guarantee a secure communication/authentication.
For "How to create certificates" - see the chapters Panel for SSL Certificates, HTTPS (SSL Connections) as well as Root Certificate & the Trusted Certification Authorities for Browsers for the HTTP Server, the chapter WebView.ewo Certificate Handling for the webView.ewo and OPC UA Certificates for the use OPC UA certificates.
WindowsCertStore
Selected features of WinCC OA can access certificates stored in the Windows Certificate Store.
Usage of the Windows Certificate Store is documented in section Windows Certificate Store. You can open the Windows Certificate Store via the start menu by typing "cert" in the search field. See also chapter Windows Certificate Store.
Certificate File Format
The certificate file extension used by WinCC OA features is *.pem. This is the most commonly used format for certificates. The .crt file extension is also a PEM format but with the difference that the certificate can be viewed under Windows. The most used file extensions used for .pem are .cer, .crt, .pem or .key (used for the private key).
The following default certificates are created with the Standard project option - see chapter Create Project.
Feature | Public Key | Private Key |
---|---|---|
SSA | user-cert.pem | user-key.pem |
MXProxy | host-cert.pem | host-key.pem |
HTTP Server | certificate.pem | privkey.pem |
Root Certificate (Root CA) | root-cert.pem |
root-privkey.pem |