OPC UA communication
9.2 Security at OPC UA
Communication
Function Manual, 05/2021, A5E03735815-AJ
187
Concept for automated certificate update for STEP 7 version V17 and higher
GDS and certificate manager are usually combined into one application; however, in the
figure below, they are two separate components.
Devices such as "normal" OPC UA clients are also suitable as certificate managers, provided
they support the ByteString data type that is required to transfer certificates. Examples are
an S7-1500 CPU with firmware V2.9 and higher acting as OPC UA client, or the UA Expert tool
(Unified Automation) with the GDS plugin.
The OPC UA server of the S7-1500 CPU, as certificate receiver, provides the standardized
methods and attributes that OPC UA clients need to transfer certificates and to read and
write trust lists and CRLs.
In the context of the OPC UA server of the S7-1500 CPU, the focus is on describing the
push function, in contrast to the usual manner in which certificates are provided to the CPU:
by loading the hardware configuration.
The figure below shows how to transfer certificates and lists for OPC UA in an S7-1500 CPU
FW V2.9 or higher:
• Either by loading the hardware configuration in STOP of the CPU; the certificates are part
  of the hardware configuration.
• Or via GDS push methods in RUN or in STOP mode of the CPU.
It is not possible to use both transmission paths in parallel.
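The push path carries trust lists and CRLs as ByteStrings. The following added example (not taken from the manual or from Siemens code) shows how a certificate manager could serialize that payload and strictly parse one read back from the CPU. It assumes the `TrustListDataType` field order and mask bits of OPC UA Part 12 and the OPC UA Binary encoding; the function names and sample bytes are constructed for illustration.

```python
import struct

# TrustListMasks bits that make up SpecifiedLists (OPC UA Part 12, assumed layout)
TRUSTED_CERTS, TRUSTED_CRLS, ISSUER_CERTS, ISSUER_CRLS = 1, 2, 4, 8
FIELDS = (TRUSTED_CERTS, TRUSTED_CRLS, ISSUER_CERTS, ISSUER_CRLS)

def encode_trust_list(lists):
    """lists maps a mask bit to DER blobs; only the keys present are marked as specified."""
    if not set(lists) <= set(FIELDS):
        raise ValueError("unknown trust list field")
    out = struct.pack("<I", sum(lists))            # SpecifiedLists: UInt32, little-endian
    for bit in FIELDS:                             # fixed field order of the structure
        items = lists.get(bit, [])
        out += struct.pack("<i", len(items))       # array: Int32 element count
        for der in items:
            out += struct.pack("<i", len(der)) + der   # ByteString: Int32 length + bytes
    return out

def decode_trust_list(blob):
    """Parse the payload strictly: reject truncation, bad lengths and trailing bytes."""
    pos = 0
    def take(n):
        nonlocal pos
        if n < 0 or pos + n > len(blob):
            raise ValueError("truncated or malformed trust list")
        pos += n
        return blob[pos - n:pos]
    def int32():
        return struct.unpack("<i", take(4))[0]
    mask = struct.unpack("<I", take(4))[0]
    lists = {}
    for bit in FIELDS:
        count = int32()
        if count < -1:
            raise ValueError("negative array length")
        items = []
        for _ in range(max(count, 0)):             # -1 encodes a null array
            length = int32()
            items.append(b"" if length == -1 else take(length))
        lists[bit] = items
    if pos != len(blob):
        raise ValueError("trailing bytes after trust list")
    return mask, lists

# Constructed placeholder (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_BLOB = encode_trust_list({TRUSTED_CERTS: [SAMPLE_DER], TRUSTED_CRLS: []})

if __name__ == "__main__":
    print(SAMPLE_BLOB.hex(), decode_trust_list(SAMPLE_BLOB))
```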
See also
Certificates with OPC UA (Page 177)