The EcoStruxure Building Operation software supports certificates. Certificates are electronic credentials that are used to certify the identities of computers, and other entities on a network.
The EcoStruxure Building Operation software supports both self-signed certificates and certificates issued by a certificate authority. Certificates are included in a backup and restored on the restored EcoStruxure BMS server.
You can add an existing certificate or generate a certificate. You then activate the certificate.
The access to the certificate management in the EcoStruxure Building Operation software can be set so that certificates can only be handled by authorized users.
The EcoStruxure Building Operation software uses a default certificate that only supports encryption. The default certificate is installed by default on all EcoStruxure BMS servers. When a user logs on to an EcoStruxure BMS server, the user is notified in the Security certificate risk dialog box that the certificate cannot be validated.
The user must click trust to continue to log on to the system. This dialog box cannot be turned off. The warning is displayed each time the user log on.
Self-Signed Certificate
You can activate a self-signed certificate in EcoStruxure BMS servers. The self-signed certificate can be generated in the EcoStruxure Building Operation software or in another tool.
When the EcoStruxure Building Operation software is used to generate self-signed certificates, certificates can be generated for one or many servers at the same time.
When the user logs on to the EcoStruxure BMS server with an activated self-signed certificate the user is notified if the certificate is not valid. In this case the user can choose to always trust the certificate. If trusted, the self-signed certificate's public key is stored in the certificate list in Windows. The next time the user logs on to the EcoStruxure BMS server, Windows recognizes the certificate and the user can log on without trusting the certificate again.
The EcoStruxure Building Operation software supports CA certificates, certificates issued by a certificate authority. The supported file format is PEM. Each certificate can include up to three separate files.
Für weitere Informationen siehe Server Certificate Workflow
.
Status of Certificate
The user can check the status of the certificate by clicking the lock in WorkStation or WebStation.
Certificates and Licensing
Certificates generated using Workstation cannot be used for licensing in automation servers since these certificates do not provide a root certificate or other trust chain for validation. If you use WorkStation certificates, we recommend that you generate new ones for your automation servers from Device Administrator when you use licensing in automation servers.
Für weitere Informationen siehe Certificates in Device Administrator
.
Server Certificate Workflow
Use this workflow to purchase, convert and install server certificates.
Für weitere Informationen siehe Server Certificate Workflow
.