How can I avoid the security error messages cause by self signed certificates for WebClient Plug-In in Internet Explorer?
WinCC OA provides self signed certificates to establish the SSL communication between server and clients.
These certificates are not trusted by any official certification authority and this means that a trusted CA must be created and imported manually.
Please note: Those provided ETM default certificates must not be used in productive environments!
For this trusted CA it is necessary to use the hostname of the WebClient server (e.g. WinCCOA_Webserver) as CN-Name parameter to create the root and the host certificate on the WinCC OA server machine. This is necessary to avoid this security error after navigation to the URL of the WebClient server: “There is a problem with this website’s security certificate”
This will avoid the security issue when you are using http://WinCCOA_Webserver as URL address inside the IE. Please note that every other attempt like a usage with the IP-address instead of the hostname will lead to the same certificate error. This means only a single valid address could be used as the URL for navigation.
In a 2nd step it is necessary to import the created root certificate into the “Trusted Root Certification Authorities” store. There are 2 alternative solutions to import this certificate:
1st alternative solution - Manual installation:
1. Copy the root-certificate.pem to the client machine and rename it to root-certificate.crt
2. Open this file via Dbl-Click
3. Click the “Install Certificate…” button
4. Select “Place all certificates in the following store and browse to “Trusted Root Certification Authorities”
5. Click Next and wait until installation is done
6. Restart the browser
2nd alternative solution - Installation Inside Internet Explorer:
1. Browse to the site whose certificate you want to trust. (This is your WebClient e.g.: http://WinCCOA_Webserver)
2. When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”
3. Select Tools?Internet Options.
4. Select Security?Trusted sites?Sites.
5. Confirm the URL matches, and click “Add” then “Close”.
6. Close the “Internet Options” dialog box with either “OK” or “Cancel”.
7. Refresh the current page.
8. When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”
9. Click on “Certificate Error” at the right of the address bar and select “View certificates”.
10. Click on “Install Certificate...”, then in the wizard, click “Next”.
11. On the next page select “Place all certificates in the following store”.
12. Click “Browse”, select “Trusted Root Certification Authorities”, and click “OK”.
13. Back in the wizard, click “Next”, then “Finish”.
14. If you get a “Security Warning” message box, click “Yes”.
15. Dismiss the message box with “OK”.
16. Select Tools?Internet Options.
17. Select Security?Trusted sites?Sites.
18. Select the URL you just added, click “Remove”, then “Close”.
19. Now shut down all running instances of IE, and start up IE again.
20. The site’s certificate should now be trusted.