Communications services
3.6 Secure Communication
Communication
Function Manual, 05/2021, A5E03735815-AJ
3.6.2 Requirements for secure communication
3.6.2.1 Protection of confidential configuration data
As described in the basic information on secure communication, the proper functioning of
certificate-based protocols requires private keys, which must be protected as well as possible.
As of STEP 7 V17, you can use a password to protect these keys and other sensitive data:
the password to protect confidential PLC configuration data.
You can do without the password if you have implemented measures to prevent
unauthorized access to the TIA Portal project and the configuration of the CPU.
Regardless of whether you assign a password or not, the TIA Portal generates key
information that protects the confidential PLC configuration data. The
password has no influence on the secure communication process. However, the complexity
of the password for the protection of confidential PLC configuration data determines how
well the private keys, for example, are protected.
The presence of key information is a prerequisite for secure communication such as
TLS-based secure PG/HMI communication: The CPU can handle certificates which are required
for Secure Communication only if this key information is available.
The following figure shows the relationships described.
Figure 3-15 Contexts for protecting confidential configuration data
Security settings wizard
When you add a CPU that supports secure PG/HMI communication from the hardware catalog
to the project in the TIA Portal, a wizard starts for the security settings of the CPU.
The wizard guides you step-by-step through the following CPU settings:
• Password to protect confidential PLC configuration data
• PG/PC and HMI communication mode
• Access level
Each of these settings is explained in detail in the wizard. At the end, all settings are once
again summarized in an overview.
The wizard also starts, for example, when you replace a module in the network view of the
TIA Portal and the new CPU, unlike the replaced CPU, supports secure PG/HMI
communication.
All settings in the wizard are applied in the Inspector window (CPU properties).
You can start the wizard at any time using a Start button in the "Protection & Security" area of
the CPU properties.