Concept


Products: AS-B, Edge Server, Device Administrator, AS-P
Functionalities: Hardware, Security
Product version: 2023, 2024
3/12/2024

CA Certificate Management 

When HTTPS is used for server-to-server communication, the SSL certificates are now validated when a connection is set up between two servers.

If the SSL certificate fails the validation, the default behaviour is to issue a system alarm informing the user that an invalid certificate is being used.

In the control panel, it is possible to change this behaviour to one of the following:

  • Do nothing

  • Send alarm

  • Stop Communication

  • Send alarm and stop communicating

If you are using the default certificates distributed with the EBO installation, these certificates will always fail the validation since they are self-signed and cannot be validated against a CA certificate.

In order to supply certificates that can be validated, you need to perform some steps in the Device Administrator for the automation servers and some manual steps in Windows for the Windows servers.

You need to create server certificates that have been signed by a CA certificate.

For servers exposed to public networks, a commercial certificate obtained from a trusted certificate authority is usually used.

For servers on private isolated networks, self-signed CA certificates can be used.

In the Device Administrator, CA certificates can now be downloaded to the automation server.

For Windows servers, you instead add them to the Windows certificate store.

The server certificate that has been signed with the CA certificate is also downloaded via Device Administrator to automation servers.
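The difference between a self-signed server certificate and a server certificate signed by a CA certificate can be reproduced outside EBO with OpenSSL. This is an added example, not part of the product documentation or the Device Administrator workflow; the CA name, host name and file names are constructed, and it assumes the `openssl` command-line tool with its default configuration file is installed.

```shell
# Added example: private CA, CA-signed server certificate, and the validation
# result for each. All names below are constructed for illustration.

make_demo_pki() {   # $1 = existing output directory
  pki_dir="$1"
  # 1. Self-signed CA certificate: the trust anchor handed to validating peers.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-private-ca" \
    -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.crt" 2>/dev/null
  # 2. Server key and certificate signing request.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=as-p-01.example.internal" \
    -keyout "$pki_dir/server.key" -out "$pki_dir/server.csr" 2>/dev/null
  # 3. The CA signs the request; the SAN holds the name peers connect to.
  printf 'subjectAltName=DNS:as-p-01.example.internal\nbasicConstraints=CA:FALSE\n' \
    > "$pki_dir/ext.cnf"
  openssl x509 -req -in "$pki_dir/server.csr" \
    -CA "$pki_dir/ca.crt" -CAkey "$pki_dir/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$pki_dir/ext.cnf" \
    -out "$pki_dir/server.crt" 2>/dev/null
  # 4. Stand-in for a default certificate: self-signed, no CA behind it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=default-selfsigned" \
    -keyout "$pki_dir/default.key" -out "$pki_dir/default.crt" 2>/dev/null
}

validates() {       # $1 = CA certificate, $2 = certificate to check
  # Exit status 0 only if $2 chains to the CA certificate in $1.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
if validates "$demo_dir/ca.crt" "$demo_dir/server.crt"; then
  echo "CA-signed server certificate: validated"
fi
if ! validates "$demo_dir/ca.crt" "$demo_dir/default.crt"; then
  echo "self-signed certificate: validation failed"
fi
```

In this layout `ca.crt` is the file a validating peer needs as its CA certificate, while `ca.key` stays on the machine that signs certificates.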

  • Certificates Managed using Device Administrator
  • Displaying a List of Pre-installed CA Certificates Using Device Administrator
  • Device Administrator Certificate Workflow
  • Server SSL Certificate Defaults Dialog Box
  • Generating an SSL Certificate for an Automation Server Using Device Administrator