View ‘Security-Screen’ - ‘Devices’

Function: This tab allows for the configuration and the transfer of controller certificates for encrypted communication with the controller.

Call: Menu bar: View.

Requirement: The CODESYS Security Agent add-on product is installed.

For more information about this topic, refer to the CODESYS online help:

  • Encryption and signing with certificates
  • Security-Screen

The Devices tab shows all PLC devices configured in the project and their certificate store. If the communication path to the controller is configured, then you see the certificates stored in the memory. Here you can create and configure new certificates on the controller.

Left side: Information

Devices and certificate store

Shows the individual devices as expandable nodes, each with the controller-specific certificate store below it.

For example, there are the following categories for the CODESYS Control Win V3:

  • Individual certificates: Certificates with the associated, private key to which you have access.
  • Trusted certificates: Certificates that have been created by a trusted certificate source.
  • Untrustworthy certificates: Certificates that you have defined specifically as not trusted.
  • Certificates in quarantine: Certificates that do not fulfill the criteria of the categories above.

Toolbar (left side)

Refresh the display

Download: Transfer the selected certificate to the PLC

Right side:

If the active path to the controller is set and a device node is selected, then all use cases for controller certificates are displayed on the right side.

  • OPC UA Server: Encrypted communication over an OPC UA server
  • Encrypted Communication: Encrypted communication between the development system and the controller
  • Encrypted Application: Encryption of the boot application
  • Web Server: Encrypted communication with the web server

As long as a certificate is not available for one of these use cases, it is displayed with an icon and as (not available).

When a certificate store is selected on the left side, all certificates in it are displayed on the right side with the following information:

Information: Use case (Currently the affected controller component is displayed: for example CmpSecureChannel.)

Created for: Name of the computer for which the certificate was created (for example, MyLocalPC)

Created by: Name of the computer on which the certificate was created (for example, MyLocalPC)

Valid as of: Date (for example, 20-07-2017 15:09:29)

Valid until: Date (for example, 20-07-2022 00:00:00)

Thumbprint: Checksum from specific properties of the certificate for purposes of identification (for example, 279e1a46b86bd636c8e6f19fd51c222469ec49a8)

Double-clicking a certificate entry opens the default Windows Certificate dialog. In this way, you can import a controller certificate in the Windows Certificate Store to the directory Controller certificates so that it is available for encryption of download, online change, and boot application.

If multiple certificates are available for one use case, then the system follows the steps below to determine the certificate that is used:

  • Certificate that was created directly by the user (currently not supported)
  • Filtering of existing certificates by:
    • 1. Subject (user of the certificate)
    • 2. Key usage
    • 3. Extended key usage
    • 4. Valid time stamp
  • Dividing of detected, valid certificates as “signed” and “self-signed”
  • Filtering of signed certificates, and the self-signed certificates by the following criteria:
    • 1. Longest validity period
    • 2. Strongest key
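
The selection order listed above, written out as an added Python example over a constructed certificate store; it is not CODESYS code. Assumptions: the `Cert` fields and sample values, the key usages required for the use case, that the signed group is consulted before the self-signed group, that the validity period is measured from start date to end date, and that key strength is compared by bit length.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:
    name: str            # label used only in this constructed sample
    subject: str
    key_usage: frozenset
    ext_key_usage: frozenset
    not_before: datetime
    not_after: datetime
    self_signed: bool
    key_bits: int

def select_certificate(certs, subject, key_usage, ext_key_usage, now):
    """Pick the certificate for one use case, or None if nothing qualifies."""
    # Filtering: subject, key usage, extended key usage, valid time stamp.
    valid = [c for c in certs
             if c.subject == subject
             and key_usage <= c.key_usage
             and ext_key_usage <= c.ext_key_usage
             and c.not_before <= now <= c.not_after]
    # Dividing into "signed" and "self-signed".
    signed = [c for c in valid if not c.self_signed]
    self_signed = [c for c in valid if c.self_signed]
    # Assumption: the signed group is consulted before the self-signed one.
    for group in (signed, self_signed):
        if group:
            # Ranking: longest validity period first, then strongest key.
            return max(group, key=lambda c: (c.not_after - c.not_before, c.key_bits))
    return None

# Constructed sample store; usage names are standard X.509 values chosen for illustration.
KU, EKU = frozenset({"digitalSignature", "keyEncipherment"}), frozenset({"serverAuth"})
def d(y, m=1, day=1): return datetime(y, m, day)
STORE = [
    Cert("self-5y", "MyLocalPC", KU, EKU, d(2017, 7, 20), d(2022, 7, 20), True, 2048),
    Cert("ca-2048", "MyLocalPC", KU, EKU, d(2020), d(2022), False, 2048),
    Cert("ca-4096", "MyLocalPC", KU, EKU, d(2020), d(2022), False, 4096),
    Cert("expired", "MyLocalPC", KU, EKU, d(2015), d(2018), False, 4096),
    Cert("other-host", "OtherPC", KU, EKU, d(2020), d(2030), False, 4096),
    Cert("no-eku", "MyLocalPC", KU, frozenset(), d(2020), d(2030), False, 4096),
]
NOW = d(2021, 6, 1)

if __name__ == "__main__":
    print(select_certificate(STORE, "MyLocalPC", KU, EKU, NOW).name)
```

Running the same function against an export of a controller's store is a quick way to predict which certificate a use case will pick after a new one is added, and to spot expired or mis-scoped entries that can never be selected.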
 

Drag&Drop: Moving of the certificate to another certificate store of the same device

Double-clicking a certificate entry opens the default Windows dialog for displaying all certificate information.

Toolbar (right side)

Creation of a new certificate for a specific use case

The dialog Certificate settings opens for configuring the Validity period of the certificate and the Key length for the private key. OK saves the specified values in the CODESYS options. The values are set again at the next operation.

As long as the certificate is being created, “(computing)” is shown after the use case. You cannot cancel the creation operation, but you can close and continue working with the Security-Screen.

Upload and save the selected certificate to the local file system.

Delete the selected certificate.