Manage certificates
Certificate management is not part of the Expert software. It is opened directly in a browser by calling up the following address on the HS/FS:

HTTPS://HS_IP/hscert

The ports addressed in this documentation are generally HTTPS ports!

The settings for these IP ports can be found in Expert under Master data -> Project -> Project settings -> Network -> Security.

The page that opens contains three or four sections:

1.System information

Here you can find current information on the HS/FS.

Version

Version number of the firmware installed on the HS/FS.

Time

Date and time of the HS/FS at the moment this page is retrieved. If a time zone is configured (Expert: Master data -> Project -> Project settings -> Other -> Time zone), the time is shown in that time zone.

Runtime

Runtime of the HS/FS (in hours) since the last restart.

2.Certificate (Root CA)

The Root certificate of the HS/FS.
It is generated by the HS/FS and has a validity period of 3650 days.
Note
The behaviour on the initial start of the HS/FS with firmware 4.7 or higher is described in the online help for project and firmware transfer, Chapter "First upgrade to firmware with version 4.7 or higher".

Issued for (CN)

The Common Name of the HS/FS for which the Root certificate is issued (= the currently queried HS/FS). It is composed of "HS-" and the IP address of the HS/FS.

Issued by (CN)

The Common Name of the issuer of the Root certificate. This is always the same HS/FS for which the Root certificate was issued. It is composed of "HS-" and the IP address of the HS/FS.

Certificate valid from

Start of the validity period of the Root certificate currently installed on the HS/FS in GMT (Greenwich Mean Time, also known as UTC = Universal Time Coordinated) with specification of the difference from the current time zone of the HS/FS. (GMT + difference = current time of the HS/FS).

Certificate valid until

End of the validity period of the Root certificate currently installed on the HS/FS. Time specification as for "Certificate valid from".

Fingerprint

Hash code of the current Root certificate.

2.1.Download certificate

The Root certificate can be downloaded here. The file available for download is called "root.crt".

This file can be imported as a root certificate into Windows certificate management or into the certificate management of browsers that use a separate certificate management system. After the import and, if necessary, a restart of the browser and/or deletion of the browser cache, HS/FS pages that are called up, such as the visualisation or list queries, are recognised as secure pages.
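An added example, not part of the original documentation or the HS/FS software: before importing root.crt into a trust store, compare the digest of the downloaded file with the Fingerprint value shown on the hscert page. The page does not state which hash the Fingerprint field uses, so the code assumes SHA-1 or SHA-256 and picks by length; the sample bytes are constructed placeholders, not a real certificate.

```python
import hashlib
import hmac
import ssl

# Hex length -> hash name. The documentation does not say which hash the
# Fingerprint field uses, so it is inferred from the length (assumption).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

# Constructed placeholder bytes standing in for root.crt (not a real certificate).
SAMPLE_DER = bytes(range(48, 112))


def load_der(cert_bytes):
    """Return DER bytes for a certificate file that is either PEM or DER."""
    stripped = cert_bytes.strip()
    if stripped.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return cert_bytes


def normalise(fingerprint):
    """Drop ':' / space separators and lower-case the hex digits."""
    cleaned = "".join(c for c in fingerprint if c not in ": -\t\r\n").lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint is not a hex string")
    return cleaned


def fingerprint_matches(cert_bytes, displayed):
    """True if the file's digest equals the value read from the hscert page."""
    want = normalise(displayed)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("unexpected fingerprint length: %d hex chars" % len(want))
    got = hashlib.new(algo, load_der(cert_bytes)).hexdigest()
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    pem = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
    shown = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    shown = ":".join(shown[i:i + 2] for i in range(0, len(shown), 2))
    print(fingerprint_matches(pem, shown))              # unmodified file
    print(fingerprint_matches(pem + b"\n", shown))      # trailing newline only
    print(fingerprint_matches(SAMPLE_DER[:-1], shown))  # altered file
```

For a real check, pass the bytes of the downloaded root.crt and the Fingerprint string copied from the page; import the file only if the function returns True.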

3.Generate

Clicking on this button opens the mask Generate certificate in which you have to provide the information required to generate the certificates.
The period of validity of the generated root certificate is 3650 days.
The periods of validity of the certificates generated for IP port 1 and 2 are 90 days in each case.
Important
The Root certificate is always regenerated!
If the Upload button is selected, certificates on the HS/FS for IP ports 1 and 2 are not regenerated, but can only be replaced by new certificates using the Upload function!

Generate certificate

Enter the following data in the input fields and then click on the Generate button to generate new certificates signed by the HS/FS and automatically install them on the HS/FS.

User name

User name of the HS/FS user.

This user must have the necessary rights for uploading a certificate to the HS/FS. (Expert: Users -> User rights -> Certificate)

Password

HS/FS user's password.

Cancel

The generation of certificates is cancelled. The window "Generate certificate" will be closed.

Generate

If the user name and password are entered correctly, certificates with the settings defined in the project are generated.
If the user name and/or password are not correct, an error message is displayed; otherwise an info message is displayed indicating that generation was successful. If upload was successful, the certificate data displayed in the main mask is updated. The window "Generate certificate" will be closed.

4.Certificate for 1st IP port / 2nd IP port

Note
The area Certificate for 2nd IP port is only visible if a second IP port was enabled in the project (Expert: Master data -> Project -> Project settings -> Network -> Security). The possible settings are the same for both ports!

The behaviour on the initial start of the HS/FS with firmware 4.7 or higher is described in the online help for project and firmware transfer, Chapter "First upgrade to firmware with version 4.7 or higher".

Port

Port number of the IP port.

Issued for (CN)

The IP address or domain of the HS/FS for this port.

Issued by (CN)

The IP address or domain of the root certificate owner who issued the certificate for this port of the HS/FS.

Generated by device

Possible entries are:

Yes: One of the options "Device generates certificate (with configured CN)" / "Device generates certificate (with IP address as CN)" was used.
No: The option "Load certificate onto the device" was used.

These settings options can be found in HS/FS Expert under Master data -> Project -> Project settings -> Network -> Security.

Certificate valid from

Start of the validity period of the certificate currently installed on the HS/FS in GMT (Greenwich Mean Time, also known as UTC = Universal Time Coordinated) with specification of the difference from the current time zone of the HS/FS. (GMT + difference = current time of the HS/FS)

Certificate valid until

End of the validity period of the certificate currently installed on the HS/FS. Time specification as for "Certificate valid from".

Fingerprint

Hash code of the current certificate.

4.1.Upload

Note
This option is only available if the setting that a self-created certificate is to be uploaded to the HS/FS was made in the project.
Clicking this button opens the Upload certificate mask, in which you have to select a certificate file and provide the information required for uploading the certificate for this port.

Upload certificate

Select the file, enter the following data in the input fields and then click on the Upload button to upload the selected certificate file to the HS/FS.

Select file

Click on the "Browse" button to open a standard Windows file dialogue to select a file. Here, select the specific certificate file of the .pem type that you wish to upload and click "Open".

User name

User name of the HS/FS user.

This user must have the necessary rights for uploading a certificate to the HS/FS. (Expert: Users -> User rights -> Certificate)

Password

HS/FS user's password.

Cancel

The upload of the certificate is cancelled. The window "Upload certificate" will be closed.

Upload

Important
The certificate to be uploaded must be available as a .pem file and must not be password-protected.
If the user name and password are entered correctly, the selected certificate file is uploaded. If the file to be uploaded is not identified as a valid certificate by the HS/FS or if the user name and/or password are not correct, an error message is displayed; otherwise an info message is displayed indicating that upload was successful. If upload was successful, the certificate data displayed in the main mask is updated. The window "Upload certificate" will be closed.
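An added example, not part of the original documentation or the HS/FS software: a pre-upload check that a .pem file contains PEM blocks and that none of them is password-protected. It assumes that "password-protected" means a passphrase-encrypted private key block (PKCS#8 or the legacy OpenSSL format); the sample text is constructed and its bodies are placeholders, not real key material.

```python
import re

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

# Constructed sample: a certificate block plus a legacy-format encrypted key.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVI=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

UExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
"""


def inspect_pem(text):
    """Return (label, encrypted) for each PEM block found in the text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        encrypted = (
            label == "ENCRYPTED PRIVATE KEY"     # PKCS#8 with a passphrase
            or "Proc-Type: 4,ENCRYPTED" in body  # legacy OpenSSL key format
        )
        blocks.append((label, encrypted))
    return blocks


def upload_problems(text):
    """List the reasons this file would conflict with the stated requirements."""
    blocks = inspect_pem(text)
    if not blocks:
        return ["no PEM block found (file may be DER or another container)"]
    return [
        "block %d (%s) is password-protected" % (index, label)
        for index, (label, encrypted) in enumerate(blocks, 1)
        if encrypted
    ]


if __name__ == "__main__":
    for problem in upload_problems(SAMPLE_PEM):
        print(problem)
```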