Siemens SIMATIC S7-1500 Function Manual page 104

Settings at the TLS client
To set up a secure TCP connection in the TLS client, follow these steps:
1. Create a global data block in the project tree.
2. Define a tag of the data type TCON_IP_4_SEC in the global data block. To do so, enter
the string "TCON_IP_V4_SEC" in the "Data type" field.
The example below shows the global data block "Data_block_1" in which the tag
"SEC connection 1 TLS-Client" of the data type TCON_IP_V4_SEC is defined.
The Interface ID has the value of the HW identifier of the IE interface of the local CP
(TLS client).
Figure 6-23 IP_V4_SEC_Client
3. Set the connection parameters of the TCP connection in the "Start value" column. For
example, enter the IPv4 address of the TLS server for "RemoteAddress".
4. Set the parameters for secure communication in the "Start value" column.
– "ActivateSecureConn": Activation of secure communication for this connection. If this
– "TLSServerCertRef": Enter the value 2 (reference to the CA certificate of the
– "TLSClientCertRef": ID of the own X.509-V3 certificate.
Communication
Function Manual, 11/2019, A5E03735815-AH
parameter has the value FALSE, the subsequent security parameters are irrelevant.
You can set up a non-secure TCP or UDP connection in this case.
TIA Portal project (SHA256) or the value 1 (reference to the CA certificate of the TIA
Portal project (SHA1)). If you use a different CA certificate, enter the corresponding ID
from the certificate manager of the global security settings.
Open User Communication
6.11 Secure Open User Communication
103