
RUGGEDCOM 

Application Note


Copyright © 2013 RuggedCom Inc.

All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration.

This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of RuggedCom Inc.

Disclaimer Of Liability

Siemens has verified the contents of this manual against the hardware and/or software described. However, deviations between the product and the documentation may exist.

Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.

The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. We appreciate any suggested improvements. We reserve the right to make technical improvements without notice.

Registered Trademarks

ROX™, Rugged Operating System On Linux™, CrossBow™ and eLAN™ are trademarks of Siemens AG. ROS® is a registered trademark of Siemens AG.

OpenNMS® is a registered trademark of The OpenNMS Group, Inc.

Microsoft Windows XP and Microsoft Windows 7 are registered trademarks of Microsoft Corporation in the United States and other countries.

Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of the owner.

Security Information

Siemens provides automation and drive products with industrial security functions that support the secure operation of plants or machines. They are an important component in a holistic industrial security concept. With this in mind, our products undergo continuous development. We therefore recommend that you keep yourself informed with respect to our product updates. Please find further information and newsletters on this subject at: http://support.automation.siemens.com.

To ensure the secure operation of a plant or machine it is also necessary to take suitable preventive action (e.g. cell protection concept) and to integrate the automation and drive components into a state-of-the-art holistic industrial security concept for the entire plant or machine. Any third-party products that may be in use must also be taken into account. Please find further information at: http://www.siemens.com/industrialsecurity.

Contacting Siemens

Address: Siemens AG, Industry Sector, 300 Applewood Crescent, Concord, Ontario, Canada, L4K 5C7

Telephone: Toll-free: 1 888 264 0006; Tel: +1 905 856 5288; Fax: +1 905 856 1995

E-mail: [email protected]

Web: www.RuggedCom.com

Summary of Contents for ROS

Page 1: ...on Windows 2; Installing the Scripts 3; Using Scripts to Create SSL Certificates 4; Using the Scripts to Create SSH Keys for ROS 5; Adding a Root CA Certificate to the List of Trusted Root CAs 6; PEM Formatted Certificates and Keys 7; Generating a Certificate from a Certificate Request in Windows 2008 CA 8; Frequently Asked Questions (FAQs) 9 ...


Page 3: ...ine Hosting the Scripts Becomes the Root CA 7; 4.2 Scenario 2: The CA Resides Elsewhere 9; 4.3 Scenario 3: Self-Signed Device Certificates 11; Chapter 5 Using the Scripts to Create SSH Keys for ROS 15; Chapter 6 Adding a Root CA Certificate to the List of Trusted Root CAs 17; Chapter 7 PEM Formatted Certificates and Keys 19; Chapter 8 Generating a Certificate from a Certificate Request in Windows 2008 CA ...


Page 5: ...lf-signed certificates or certificates signed by a Certificate Authority (CA). This document will make the Windows machine a Certificate Authority (CA) and sign certificates. IMPORTANT: Normally, the steps involved in creating the private key and creating the Certificate Signing Request (CSR) are the ones that will be performed if a Certificate Chain of Trust is implemented in the organization. The CSR files...


Page 7: ...owing: 1. Download the OpenSSL Setup program (without sources) for Windows from http://gnuwin32.sourceforge.net/packages/openssl.htm. 2. Double-click the downloaded file and install OpenSSL. During the installation process, change the installation directory to C:\OpenSSL. This is essential for the scripts to generate the certificates and keys properly. ...


Page 9: ...talling the Scripts. To install the scripts, extract the contents of the Zip file (AN22.zip) obtained from Siemens into an appropriate location on the script machine (the computer/server that hosts the scripts). A folder titled RCKeyGen will be placed in the chosen location. ...


Page 11: ...CA Resides Elsewhere; Section 4.3, Scenario 3: Self-Signed Device Certificates. Section 4.1 Scenario 1: The Machine Hosting the Scripts Becomes the Root CA. In the first scenario, the machine that hosts the scripts is the Root CA and it directly issues keys and certificates for the ROS and ROX devices. In this case, the certificate requests generated for each device will be signed by the Root CA, which is a...

Page 12: ...tificates are to be generated. The script will take the list of addresses and use them as the Common Name parameter in the Distinguished Name field (i.e. the Subject Identifier in an X.509 certificate). The script can take both IP addresses and DNS names for the switches. The list must have some addresses for the script to generate certificates. NOTE: Setting the Common Name (IP address/DNS address) correct...

Page 13: ...re information about uploading the certificates, refer to the User Guide for the device. Section 4.2 Scenario 2: The CA Resides Elsewhere. In this scenario, it is assumed that a CA has already been established in the organization, which can be used to accept certificate requests from the computer that hosts the scripts and sign the certificates for ROS and ROX devices. In this case, the script will simpl...

Page 14: ... 2 Certificate Authorities (CAs); 3 Certificate; 4 Certificate Request; 5 Script Machine; 6 ROS/ROX Compatible Certificate; 7 ROS/ROX Devices. 1. Navigate to the RCKeyGen folder on the script machine and open the file config.txt in a text editor. NOTE: Do not use the default parameters provided in the config.txt file. They are provided as an example only. 2. Make sure CREATE_ROOTCA equals 0. ...

Page 15: ...click the script 02_ssl_device_certgen.vbs to generate a certificate signing request for each device listed in device_data.txt. When the script asks if the certificates need to be self-signed, click No. The SSL_certs folder now has both keys and Certificate Signing Requests for the ROS/ROX devices. The CSRs need to be exported to and signed by the organizational CA. 8. Generate certificates from the Cer...

Page 16: ...s. The list must have some addresses for the script to generate certificates. NOTE: Setting the Common Name (IP address/DNS address) correctly will make sure browsers do not complain about the certificate Common Name not matching the URL. The switch will also have to be accessed using the DNS name or the IP address that was provided in device_data.txt. Configuring an IP address for the Common Name and th...

Page 17: ...ert the certificates into PEM format and clean up any files that were created by the scripts. The finished certificates are available in the SSL_certs folder and named according to their associated device as defined in device_data.txt. 6. Upload the certificates to their respective devices. For more information about uploading the certificates, refer to the User Guide for the device. ...


Page 19: ...ses, one per line, for devices for which SSH keys are to be generated. The script can take both IP addresses and DNS names. The list must have some addresses for the script to generate keys. 3. Save and close the file. NOTE: For Windows XP, scripts should be launched through the command prompt in the same order as described in this procedure. 4. Double-click the script 4_ssh_keygen.vbs. The keys are generated...


Page 21: ... trusted Certificate Authority. To prevent this warning message in Internet Explorer, perform the following procedure to add a Root CA certificate to the trusted Root CA list. NOTE: This procedure is only applicable when device certificates are signed by a CA. For more information about signing device certificates, refer to Section 4.1, Scenario 1: The Machine Hosting the Scripts Becomes the Root CA, and S...

Page 22: ...screen instructions to locate the root certificate file and make sure it is placed in the Trusted Root Certification Authorities store. When finished, a security warning will be displayed. Click Yes to acknowledge. 6. Acknowledge all other messages and close all dialog boxes. 7. In Internet Explorer, open a Web session to the device. The warning message should not appear. ...

Page 23: ...OLlJVR0dFRENPTS5MT0NBTDEkMCIGCSqGSIb3DQEJ ARYVc3VwcG9ydEBydWdnZWRjb20uY29tMB4XDTEyMTAyMzIxMTA1M1oXDTE3MTAy MjIxMTA1M1owgZwxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYD VQQHEwdDb25jb3JkMRIwEAYDVQQKEwlSdWdnZWRDb20xGTAXBgNVBAsTEEN1c3Rv bWVyIFN1cHBvcnQxFDASBgNVBAMTCzE5Mi4xNjguMS4yMSQwIgYJKoZIhvcNAQkB FhVTdXBwb3J0QHJ1Z2dlZGNvbS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBALfE4eh2aY CE3W5a4Wz1Z1RGRP02...

Page 24: ...kT9Ngjh7ded8BRa1PP3xUFzYSp UIq5QB2zU0UsHE0fGRWqYr8GA4r59KIDhhV5J2D dIL9qCGklWNPBamZCVu 4N5M 5L Ga8N5lv3AbGSfEsiiyA38uNNR5B6QzpXuTbEBUq84hlD4wDiL78eKwIDAQAB AoGBAI2CXHuHg23wuk9zAusoOhw0MN1 M1jYz0k9aajIvvdZT3Tyd29yCADy8GwA eUmoWXLS C4CcBqPa9til8ei3rDn w8dveVHsi9FXjtVSYqN ilKw moMAjZy4kN kpdpHMohwv 909VWR1AZbr YTxaG tKl5bqXnZl4wHF8xAkEA5vwut8USRg2 TndOt1e8ILEQNHvHQdQr2et xNH4ZEo7mqot6skkCD1xmxA6XG64h...

Page 25: ...icate in a Windows 2008 server. 1. Copy and paste the CSR file generated in the script machine to any folder in your CA. In this example, the CSR files are copied to C:\. 2. Click Start, select Administrative Tools and click Certificate Authority. The certsrv window appears. Figure 6: Certsrv Window. This window lists all of the domains that are part of the root CA. 3. Right-click the domain for which a certific...

Page 26: ...Select the CSR file and click Open. 5. Navigate to the Pending Requests folder. If the certificate request is uploaded properly, the request will appear in this folder. Figure 8: Pending Requests Folder. 6. When the request has been received, right-click the request, select All Tasks and click Issue. The request is signed by the CA and the certificate is issued. ...

Page 27: ...g a Certificate from a Certificate Request in Windows 2008 CA 23. Figure 9: Issuing the Certificate. 7. Navigate to the Issued Certificates folder. Figure 10: Issued Certificates Folder. 8. Double-click on the certificate. The Certificate dialog box appears. ...

Page 28: ...meters are correct and then click Copy to File. The Certificate Export Wizard dialog box appears. Figure 12: Certificate Export Wizard. 11. Follow the on-screen instructions and note the following: When the wizard asks which format to use, select Base-64 encoded X.509 (.CER). Make sure the name of the final certificate is consistent with the name of the device as defined in device_data.txt. For example, if the...

Page 29: ...he SSL_certs folder. 13. Make sure a matching key file is present in the SSL_certs folder. 14. Double-click the script 03_ssl_formatting.vbs to convert the certificates into PEM format and clean up any files that were created by the scripts. The finished certificates are available in the SSL_certs folder and named according to their associated device as defined in device_data.txt. ...


Page 31: ...ficate for a device has to be regenerated after expiry, refer to one of the three scenarios (depending on your setup) described in the SSL certificates section of this document. Open the SSL_certs folder and delete the expired device certificates if necessary, and then open the device_data.txt file to add the new device name. When creating certificates for new devices, if you do not want to recreate device c...

