Certificate management is not part of the Expert software. Instead, you call it directly from the HS/FS via a browser by entering an IP address:
HTTPS://HS_IP/hscert
The ports referred to in this documentation are always HTTPS ports.
To find settings for these IP ports in the Expert software, choose Master data -> Project -> Project settings -> Network -> Security in the menu.
The page displayed contains three or four sections:
- System information
- Certificate (Root CA)
- Certificate for 1st IP port
- Certificate for 2nd IP port (optional)
Time
Date and time of the HS/FS at the moment this page is called. If a time zone is configured (Expert: Master data -> Project -> Project settings -> Other -> Time zone), the time is shown in that time zone.
2. Certificate (Root CA)
The root certificate of the HS/FS.
It is generated by the HS/FS and is valid for 3650 days.
Note
The behaviour when the HS/FS is started for the first time with firmware version 4.7 or higher is described in the “First upgrade to firmware with version 4.7 or higher” section of the online help on loading projects or firmware.
Issued for (CN)
The common name of the HS/FS for which the root certificate is issued (= the HS/FS currently being queried). It comprises “HS-” and the IP address of the HS/FS.
Issued by (CN)
The common name of the root certificate issuer. It is always the same HS/FS for which the root certificate was issued. It comprises “HS-” and the IP address of the HS/FS.
Certificate valid from
Start of the validity period of the root certificate currently installed on the HS/FS in GMT (Greenwich Mean Time, also referred to as UTC = Coordinated Universal Time), plus the deviation from the current time zone of the HS/FS. (GMT + deviation = current time of the HS/FS).
Certificate valid until
End of the validity period of the root certificate currently installed on the HS/FS. The time is specified in the same way as for “Certificate valid from”.
2.1. Download certificate
You can download the root certificate here. The file provided for download is called “root.crt”.
You can import this file as a root certificate to the Certificate Manager in Windows and/or to the certificate managers of browsers which use their own certificate management. After importing the file and restarting the browser, if necessary, and/or deleting the browser cache, the HS/FS pages accessed, such as the visualisation or list queries, are recognised as trusted sites.
3. Generate
When you click this button, the Generate certificate mask opens, in which you must enter the required data for generating the certificates.
The validity period of the generated root certificate is 3650 days.
The validity periods of the certificates generated for IP port 1 and 2 are 90 days each.
Caution
The root certificate is always regenerated!
Certificates that were uploaded to the HS/FS for IP ports 1 and 2 using the Upload button are not regenerated. They can only be replaced by new certificates using the Upload function!
Generate certificate
Enter the following data in the input fields, and then click the Generate button to generate new certificates signed by the HS/FS and to install them automatically on the HS/FS.
User name
User name of the HS/FS user.
This user must have the necessary rights to upload a certificate on the HS/FS. (Expert: Users -> User rights -> Certificate)
Generate
If the user name and password are entered correctly, certificates are generated with the settings defined in the project.
If the user name and/or password are incorrect, an error message is displayed. Otherwise, a message appears informing you that the certificate was generated successfully. If successful, the certificate data displayed on the main mask is updated. The “Generate certificate” window closes.
4. Certificate for 1st IP port / 2nd IP port
Note
The Certificate for 2nd IP port area is only visible if a second IP port (Expert: Master data -> Project -> Project settings -> Network -> Security) has been activated in the project. The possible settings are the same for both ports.
The behaviour when the HS/FS is started for the first time with firmware version 4.7 or higher is described in the “First upgrade to firmware with version 4.7 or higher” section of the online help on loading projects or firmware.
Issued by (CN)
The IP address or domain of the root certificate holder from which the certificate for this HS/FS port was issued.
Generated by device
Possible entries are:
Yes: One of the options “Device generates certificate (with configured CN) / Device generates certificate (with IP address as CN)” has been used.
No: The “Load certificate onto the device” option has been used.
You can find these options in the HS/FS Expert under Master data -> Project -> Project settings -> Network -> Security.
Certificate valid from
Start of the validity period of the certificate currently installed on the HS/FS in GMT (Greenwich Mean Time, also referred to as UTC = Coordinated Universal Time), plus the deviation from the current time zone of the HS/FS. (GMT + deviation = current time of the HS/FS)
Certificate valid until
End of the validity period of the certificate currently installed on the HS/FS. The time is specified in the same way as for “Certificate valid from”.
4.1. Upload
Note
This option is only available if you have specified in the project that a certificate you create yourself is to be uploaded to the HS/FS.
When you click this button, the Upload certificate mask opens, in which you must select a certificate file and enter the required data for uploading the certificate for this port.
Upload certificate
Select a file and enter the following data in the input fields, and then click the Upload button to upload the selected certificate file to the HS/FS.
Select file
Click the “Browse” button to open a standard Windows file dialog for selecting a file. Select the certificate file of the .pem type that is intended for the upload and click “Open”.
User name
User name of the HS/FS user.
This user must have the necessary rights to upload a certificate on the HS/FS. (Expert: Users -> User rights -> Certificate)
Upload
Caution
The certificate to be uploaded must exist as a .pem file and must not be password-protected.
If you enter the user name and password correctly, the selected certificate file is uploaded. If the file to be uploaded is not recognised as a valid certificate by the HS/FS or if the user name and/or password is incorrect, an error message is displayed. Otherwise, a message appears informing you that the certificate was uploaded successfully. If successful, the certificate data displayed on the main mask is updated. The “Upload certificate” window closes.
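A pre-upload check for the caution above, as an added example that is not part of the original documentation or the device software: it scans a .pem file for password-protected key blocks and confirms that a certificate block is present. The function name and the sample data are constructed for illustration, and it is an assumption that the uploaded file may carry a private key alongside the certificate.

```python
import base64
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

# Constructed samples: the base64 bodies are dummy bytes, not real DER.
CERT = "-----BEGIN CERTIFICATE-----\nTUlJQ2R1bW15\n-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nTUlJQ2R1bW15\n-----END PRIVATE KEY-----\n"
PKCS8_ENC = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nTUlJQ2R1bW15\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)
LEGACY_ENC = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "TUlJQ2R1bW15\n-----END RSA PRIVATE KEY-----\n"
)


def check_pem_for_upload(pem_text):
    """Return the problems that make a file unsuitable for upload ([] = none)."""
    problems, labels = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        labels.append(label)
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 encrypted keys announce themselves in the label.
            problems.append("private key is password-protected (PKCS#8)")
        elif "Proc-Type: 4,ENCRYPTED" in body:
            # Legacy OpenSSL keys put RFC 1421 headers before the base64 body.
            problems.append(f"{label} is password-protected (legacy PEM)")
        else:
            try:
                base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"{label} block is not valid base64")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    return problems


if __name__ == "__main__":
    samples = {"cert + key": CERT + PLAIN_KEY, "cert + PKCS#8 key": CERT + PKCS8_ENC,
               "cert + legacy encrypted key": CERT + LEGACY_ENC, "key only": PLAIN_KEY}
    for name, text in samples.items():
        print(f"{name}: {check_pem_for_upload(text) or 'ok'}")
```

The check only inspects the PEM armour; it does not parse the certificate itself, so the HS/FS may still reject a file that passes here.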