Creating Self-Signed Certificates - Siemens SIMATIC S7-1500 Function Manual

OPC UA communication
9.2 Security at OPC UA
9.2.4 Creating self-signed certificates

Using the client's certificate generator
Many OPC UA client applications or SDKs are integrated in a sample application from which
you can generate certificates for the client.
The procedure for certificate generation is generally described in the documentation of
the OPC UA client application.
Example client from the online support
The OPC UA .NET client for the SIMATIC S7-1500 OPC UA server
(https://support.industry.siemens.com/cs/ww/en/view/109737901) creates a self-signed
software certificate of the client application in the Windows Certificate Store during the first
program start. The documentation for this example describes the procedure for handling
these certificates.
Using the certificate generator of the TIA Portal
If you use an OPC UA client that does not generate a client certificate, you can create self-
signed certificates with STEP 7.
To do this, follow these steps:
1. In the properties of the CPU, double-click "<Add new>" under "Protection & Security >
Certificate manager > Device certificates".
2. Click "Add".
3. In the "Create a new certificate" dialog, select the "OPC UA client" option for "Usage".
4. Click "OK".
STEP 7 automatically enters the URI for the generated certificate in the "Subject
Alternative Name" field. When certificates are generated programmatically with the .NET
stack of the OPC Foundation, this field is called "ApplicationUri", for example; other
certificate generation tools may use a different name for it.
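The following Go program is an added example, not taken from this manual, STEP 7 or the OPC Foundation stack. It shows the same idea outside the TIA Portal: a self-signed client certificate whose Subject Alternative Name carries the application URI, and a check that the URI the client will announce matches the certificate. The function names, the client name "ExampleClient", the URI "urn:example-host:ExampleClient", RSA-2048, the one-year validity and the key usage set are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// NewClientCert returns a self-signed DER certificate and its private key.
// The application URI is written to the Subject Alternative Name (URI entry).
func NewClientCert(cn, appURI string) ([]byte, *rsa.PrivateKey, error) {
	u, err := url.Parse(appURI)
	if err != nil || u.Scheme == "" {
		return nil, nil, fmt.Errorf("invalid application URI %q", appURI)
	}
	key, kerr := rsa.GenerateKey(rand.Reader, 2048)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if kerr != nil || serr != nil {
		return nil, nil, fmt.Errorf("key/serial generation failed: %v, %v", kerr, serr)
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute), // tolerate small clock skew
		NotAfter:     time.Now().AddDate(1, 0, 0),  // assumed validity: one year
		URIs:         []*url.URL{u},                // SAN URI = "ApplicationUri"
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment |
			x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment, // assumed set
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, key, err
}

// SANHasURI reports whether der has exactly one SAN URI and it equals appURI.
func SANHasURI(der []byte, appURI string) bool {
	cert, err := x509.ParseCertificate(der)
	return err == nil && len(cert.URIs) == 1 && cert.URIs[0].String() == appURI
}

func main() {
	der, _, err := NewClientCert("ExampleClient", "urn:example-host:ExampleClient")
	fmt.Println(len(der), err, SANHasURI(der, "urn:example-host:ExampleClient"))
}
```

Running SANHasURI against the certificate before importing it shows whether the URI configured in the client application differs from the one in the certificate.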
See also
Handling of the client certificates of the S7-1500 CPU (Page 272)
152
Function Manual, 11/2019, A5E03735815-AH
Communication
