
Command: Security Screen

Symbol: _cds_icon_cyber_screen_blue.png

Function: The command opens the Security Screen view.

Call:

  • View Menu

  • _cds_icon_cyber_screen_blue.png icon or _cds_icon_cyber_screen_grey.png in the status bar

    The icon is displayed in blue when a valid certificate is specified for the digital signature. When only one client certificate is specified for the encrypted communication, the icon remains gray; in that case the client certificate provides no increased security for the user.

The following security features of CODESYS are configured and displayed in the view:
  • Personal user certificate

  • Encrypted Communication

  • Encryption and signatures of IEC projects

  • Encryption and signature of download, online change, and boot application

  • Security level

Important

When the Security Screen is opened and closed again, the current settings are applied in the user options, even when no active changes have been made.

Tip

If the CODESYS Security Agent add-on product is installed, then the Security Screen view provides an additional Devices tab. This allows for the configuration of certificates for the encrypted communication with controllers.

Tab: Users

On this tab, certificates are configured which are required for the encrypted communication and the digital signature of the user. Only certificates with private keys can be specified here. The user profile is saved as an XML file in the user options.

User Profile and Certificate Selection

By default, the login name for Windows is specified as the user profile.

List box with existing user profiles

_cds_icon_security_add.png: Opens the User Profiles dialog

Here you specify the name for a new user profile.

_cds_icon_delete.png: Deletes the selected user profile

This user profile is no longer displayed in the list box.

Digital Signature

_cds_icon_cert_store_open.png: Opens the Certificate Selection dialog for selecting the certificate for the digital signature

One certificate can be selected. The certificate has to have a private key.

_cds_icon_delete.png: Deletes the displayed certificate


Project File Decryption

_cds_icon_cert_store_open.png: Opens the Certificate Selection dialog for selecting the certificate for decrypting project files

One certificate can be selected. The certificate has to have a private key.

_cds_icon_delete.png: Deletes the displayed certificate

For more information, see: Certificate Selection

Table 83. Security Level

Activate the Use of Certificates for Enhanced Security

Enforce encrypted communication

_cds_icon_checked.png: When the user communicates with the controller, the server certificate of the controller is used for establishing an encrypted connection. Then the entire communication is encrypted.

Enforce encryption of project files

standard icon: All project files of the user are encrypted with a certificate. When the project is saved, it is encrypted with the certificate specified in the project settings (Project Settings → Security dialog). The selected certificate is displayed on the Project tab in the Project File Encryption group.

To open this project, the certificate used for the encryption has to be specified, with a private key, in Project File Decryption.

Enforce signing of project files

_cds_icon_checked.png: All project files of the user are signed with a certificate. In Digital Signature, a certificate has to be specified with a private key.

When a project is saved, a signature file (<project name>.project.p7s) is generated in the project directory containing the signature.

Enforce encryption of downloads, online changes and boot applications

_cds_icon_checked.png: The data which is downloaded to the controller has to be encrypted with a controller certificate.

This certificate is defined directly, either in the properties dialog of the application on the Encryption tab, or on the Project tab, in the Encryption of Boot Application, Download and Online Change group.

Controller certificates are located in the local Windows Certificate Store in the PLC Certificates directory. If the certificates of your controller are not available in the directory, then they first have to be loaded from the controller and installed to the directory. For these instructions, see the "Controller Certificates" chapter.

For more information, see: Protecting an Application

Enforce signing of downloads, online changes and boot applications

_cds_icon_checked.png: The online code (downloads, online changes, and boot applications) has to be signed with a certificate with a personal key. The certificate is selected from the Digital Signature area.

For more information, see: Protecting an Application

Enforce signing of compiled libraries

_cds_icon_checked.png: The File → Save Project as Compiled Library command generates a signed library (<library name>.compiled-library-v3).

Requirements
  • A certificate with a private key which supports code signing is available.

  • A library compatibility >= CODESYS V3 SP15 is set in the project information.

Enforce timestamping of signed compiled libraries

_cds_icon_checked.png: The URL of the timestamp server which created the timestamp has to be entered in the Timestamping server field.

Example: timestamp.comodoca.com/rfc3161

For more information, see: Save Project as Compiled Library
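A pre-check for the certificate requirements named in the table above (private key present, code signing supported), as an added PowerShell example that is not part of the CODESYS documentation. It assumes the user certificates are kept in the current user's Personal store (Cert:\CurrentUser\My); the output column names are chosen here for illustration.

```powershell
# Added example: list certificates that could be selected on the Users tab.
# Assumption: user certificates are in the current user's Personal store.
$storePath      = 'Cert:\CurrentUser\My'
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning (RFC 5280)
$ekuType        = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now            = Get-Date

Get-ChildItem -Path $storePath | ForEach-Object {
    $cert = $_

    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        Select-Object -First 1

    # A certificate without an EKU extension is not restricted to specific
    # purposes, so it is reported separately instead of being rejected.
    if ($null -eq $eku) {
        $ekuState = 'no EKU extension'
    } elseif ($eku.EnhancedKeyUsages.Value -contains $codeSigningOid) {
        $ekuState = 'code signing'
    } else {
        $ekuState = 'other purposes only'
    }

    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey   # required for every field on the Users tab
        InValidity    = $inValidity           # expired or not-yet-valid certificates show False
        NotAfter      = $cert.NotAfter
        Eku           = $ekuState             # 'code signing' is needed for signed compiled libraries
    }
} | Sort-Object -Property NotAfter | Format-Table -AutoSize
```

Rows with HasPrivateKey or InValidity set to False cannot serve for signing or decryption; rows whose Eku is not 'code signing' do not meet the stated requirement for signed compiled libraries.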



Tab: Project

All project-specific settings are configured on this tab. These elements are active only when a primary project is loaded.

Project file encryption

Technology

_cds_icon_open_project_settings.png: Opens the Project Settings → Security dialog

When you select the Encryption project setting and then select Certificates in the dialog, you can click _cds_icon_cert_store_open.png to select a corresponding certificate. For more information, see the description of the Project Settings – Security dialog.

Certificates of Users Sharing this Project

Area for listing the certificates that encrypt the project file

Encryption of Boot Application, Download and Online Change

List of applications of the controller

Double-clicking an application in the list opens the Properties → Security dialog. The following fields are available in the open properties dialog, depending on the settings of the Security Level on the Users tab of the Security Screen:

  • Encryption tab with active Certificates area

  • Encryption tab with Encryption Technology list box

In the Properties → Encryption dialog, click the _cds_icon_cert_store_open.png button to select the controller certificate for Encryption of Boot Application, Download and Online Change. For more information, see the description of the Properties – Encryption dialog.

Controller certificates are located in the local Windows Certificate Store in the PLC Certificates directory. If the certificates of your controller are not available in the directory, then they first have to be loaded from the controller and installed to the directory. For these instructions, see the Protecting and Saving a Project – Encryption with Certificates chapter.

For more information, see: Protecting an Application

For more information, see: Encrypting a project with a certificate

Tab: Devices

Tip

This tab is available only after you have installed the CODESYS Security Agent add-on. For more information, see: Security Screen: Devices in the CODESYS Security Agent help.