Eaton ProtoAir Start-Up Guide
Page 36 of 66
Appendix A.1.1.4. Certificate Validation Options
If connections must be limited to only a particular domain (vendor devices), include Check_Remote_Host
to specify the domain/host name.
Connections
Adapter , Protocol
, TLS_Port
, Validate_Client_Cert , Cert_Authority_File
, Check_Remote_Host
N1
, Modbus/TCP , 1502
, Yes
, my_authorized_clients.pem , SMC
The configuration above tells the FieldServer to only accept connections that have the correct certification
and is coming from the specified host.
The Check_Remote_Host value is synonymously known as common name, host name or domain etc.
The common name can be obtained by the following methods:
Ask the certificate issuer for the host name.
Use online tools to decode the certificate (for example:
https://www.sslshopper.com/certificate-
).
If the program openssl is installed on the local PC, then run the following command to get the
common name: openssl x509 -in certificate.pem -text
–noout
Appendix A.1.1.5. Set up Server Certificate
Make sure the certificate is in PEM format. Otherwise, convert it to PEM format (reference the link below).
support.ssl.com/Knowledgebase/Article
Configure the FieldServer to use a custom certificate as shown below:
Connections
Adapter , Protocol
, TLS_Port
, Server_Cert_File
N1
, Modbus/TCP , 1502
, my_server_cert.pem