QuickServer Start-Up Guide
Page 26 of 45
Appendix A.1.2. Configuring FieldServer as SSL/TLS Client
The following Node configurations set the FieldServer to open a secure Modbus/TCP connection to
Server at IP Address 10.11.12.13 on port 1502.
Appendix A.1.2.1. Simple Secure Client Configuration
Add Remote_Node_TLS_Port parameter in the nodes section of the configuration file and set to a port
number between 1
– 65535.
Nodes
Node_Name , Node_ID
, Protocol
, Adapter
, IP_Address
, Remote_Node_TLS_Port
PLC_11
, 11
, Modbus/TCP
, N1
, 10.11.12.13
, 1502
The above configuration sets the FieldServer to connect to a remote server but does not request a
server’s certificate for verification. This means that the FieldServer end point communication will be
encrypted but not authenticated.
If requested by a remote server, the FieldServer will send an embedded self-signed certificate.
Appendix A.1.2.2. Limit Server Access
Add the Validate_Server_Cert parameter to the client node section of the configuration.
……. , Remote_Node_TLS_Port
, Validate_Server_Cert
…….. , 1502
, Yes
The above configuration sets the FieldServer to request and verify the
server’s certificate against its own
internal authority file before finalizing the connection. By default, this means the FieldServer will only
establish connections to other FieldServers.
…….
, Remote_Node_TLS_Port
, Validate_Server_Cert
, Cert_Authority_File
……..
, 1502
, Yes
, my_authorized_servers.pem
The above configuration sets the FieldServer to use a specified PEM file to allow custom server
connections.
The authority file is a collection of server certificates in PEM format. This file can be edited using any text
file editor (such as notepad). When the file has all required certificates, paste it into the PEM formatted
server certificate. Now the FieldServer will connect to a server if it can find the
server’s certificate in the
authority file.
NOTE:
Cert_Authority_File is useful only if Validate_Client_Cert is set to ‘Yes’.
To upload the Certificate to the FieldServer follow the directions for the authority file in
Appendix A.1.2.3. Certificate Validation Options
Use the Check_Remote_Host element as described in
Appendix A.1.2.4. Set up Client Certificate
Make sure the certificate is in PEM format. Otherwise, convert it to PEM format (reference the link below).
support.ssl.com/Knowledgebase/Article
Configure the FieldServer to use a custom certificate as shown below:
……… , Client_Cert_File
……… , my_client_cert.pem