
View: Security – Device Certificates

Function: The view is used for certificate management of PLCs and Edge Gateways, and maps the device certificate management of CODESYS Development System. In this view, certificates can be created, renewed, downloaded, deleted, and moved to the Certificate Store. The operations can also be performed for multiple PLCs.

Call: CODESYS Automation Server → Security

Table 34.

PLCs

The table shows the certificates of the PLCs which are currently connected to the CODESYS Automation Server.

Edge Gateways

The table shows the certificates of the Edge Gateways which are currently connected to the CODESYS Automation Server.

Search

Searches the displayed PLCs or Edge Gateways for those whose Device Name, Thumbprint, or Use Case contains the string entered in the search field.

Trust level

Filters the displayed PLCs or Edge Gateways by the following trust levels:

  • Untrusted: Untrusted certificate

  • Trusted: Trusted certificate

  • Own: Certificate of the PLC or Edge Gateway

  • Quarantine: Certificates whose trust level could not be determined by validation. Incoming connections are therefore denied.

Expires before

Certificates which will expire or have expired before the specified date are filtered.

cas_icon_log_warning.png: The certificate will expire within the next 3 months.

cas_icon_log_error.png: The certificate has expired.

Filter PLCs / Filter Gateways

Filters the listed certificates by the selected PLCs or Edge Gateways.

_cas_icon_update.png

Refreshes the certificate list with the certificates of the PLCs or Edge Gateways currently connected to the CODESYS Automation Server. When individual rows are selected, only the certificates of the selected PLCs or Edge Gateways are refreshed in the certificate list.

The Refresh Certificates dialog shows the PLCs or Edge Gateways for which the certificate display has been refreshed:

  • cas_icon_log_error.png: The certificates for this PLC have not been refreshed because the PLC is not currently connected to the CODESYS Automation Server.

  • cas_icon_check_circle.png: The certificates of this PLC or Edge Gateway are refreshed because the PLC is currently connected to the CODESYS Automation Server.

cas_icon_upload.png

Loads the selected certificates onto the respective PLC(s).

cas_icon_add_with_circle.png

Generates a self-signed certificate for the selected PLCs for a specific use case.

The following information can be entered or selected in the Create Certificate dialog:

  • Use Case

  • Validity period: Maximum value: 365 days

  • Key length: Default value: 2048 bits

This action is not available for Edge Gateways.

Encoding for transfer

Encoding for the transfer of certificates

  • .der: Files are encoded in binary

  • .pem: Files are encoded in text form

cas_icon_download_cert.png

Stores the selected certificates in the download folder of the computer. When more than one certificate is selected, the certificates are combined in a *.zip file.

_cas_icon_move.png

Opens the Move Certificate in Certificate Store dialog to move the selected certificate to another certificate store.

In the dialog, the selected certificates are displayed and the trust level under which the certificates are to be stored in the Certificate Store can be selected. Click the Transfer button to move the certificate to the Certificate Store.

In the case of Edge Gateways, certificates with the CmpEdgeGateway use case cannot be moved.

_cas_icon_delete_small.png

Deletes the selected certificates on the device.

In the case of Edge Gateways, certificates with the CmpEdgeGateway use case cannot be deleted.

Information displayed in the table:

Device Name

Name of the PLC or Edge Gateway

Last Refresh

Shows when the respective line was last refreshed.

Thumbprint

Thumbprint of the certificate

Valid Until

Expiration date of the certificate

Use Cases

Use case of the PLC certificate, for example:

  • OPC UA Server: Encrypted communication over an OPC UA Server

  • Web Server: Encrypted communication with the web server

  • Encrypted Communication:

    • Encrypted communication between the development system and the PLC

    • Encrypted communication between the Edge Gateway and the PLC

Trust Level

Detailed information can be found further above in this table.

Actions

  • cas_icon_download.png: Transfers the selected certificate of the PLC to the download folder of the computer.

  • _cas_icon_move.png: Opens the Move Certificate in Certificate Store dialog to move the selected certificate to another certificate store.

    In the dialog, the selected certificate is displayed and the trust level under which the certificate is to be stored in the Certificate Store can be selected. Click the Transfer button to move the certificate to the Certificate Store.

  • _cas_icon_synchronize.png: Opens the Refresh Certificate dialog. In the dialog, the certificate is refreshed by creating a self-signed certificate.

    The Use Case, the Days of validity, and the Key Length can be defined in the dialog.

    This action is not available for Edge Gateways.

  • _cas_icon_delete.png: Deletes the certificate on the PLC.
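
An offline cross-check for certificates downloaded from this view, as an added example that is not CODESYS code: it accepts either transfer encoding (.pem or .der), computes a thumbprint to compare with the Thumbprint column, and applies the expiry warning and error rules described above. Assumptions: the thumbprint is SHA-1 over the DER bytes, "3 months" means calendar months, and `Audit` and `SampleCert` are illustrative names with a constructed sample certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Audit returns thumbprint and expiry status for a .pem or .der certificate.
func Audit(data []byte, now time.Time) (thumb, status string, err error) {
	if blk, _ := pem.Decode(data); blk != nil {
		data = blk.Bytes // .pem is a text wrapper around the same DER bytes
	}
	cert, err := x509.ParseCertificate(data)
	if err != nil {
		return "", "", err
	}
	sum := sha1.Sum(cert.Raw) // assumption: thumbprint = SHA-1 of the DER bytes
	status = "ok"
	if !now.Before(cert.NotAfter) {
		status = "error: expired"
	} else if cert.NotAfter.Before(now.AddDate(0, 3, 0)) {
		status = "warning: expires within 3 months"
	}
	return hex.EncodeToString(sum[:]), status, nil
}

// SampleCert returns a constructed self-signed certificate (DER) for the demo.
func SampleCert(notBefore time.Time, days int) []byte {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore,
		Subject: pkix.Name{CommonName: "plc-demo"}, NotAfter: notBefore.AddDate(0, 0, days)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return der
}

func main() {
	now := time.Now()
	der := SampleCert(now.AddDate(0, 0, -300), 365) // 65 days of validity left
	pemText := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	fmt.Println(Audit(pemText, now))
}
```

Because the thumbprint is computed over the decoded DER bytes, the same certificate yields the same value whichever transfer encoding was selected for the download.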