earth_america
user_standard Log on
action_search_stroke
earth_america
Log on to rate and give feedback 1 2 3 4 5 Log on to rate
0
How to

How to


Products: AS-B, Edge Server, Enterprise Central, Enterprise Server, AS-P, Virtual Project Servers
Functionalities: Security
Product version: 2023
3/14/2023

Generating a Certificate Using WorkStation

Generate a self-signed certificate to improve the security in your system.

Show More
action_close

The EcoStruxure Building Operation software supports certificates. Certificates are electronic credentials that are used to certify the identities of computers, and other entities on a network.

The EcoStruxure Building Operation software supports both self-signed certificates and certificates issued by a certificate authority. Certificates are included in a backup and restored on the restored EcoStruxure BMS server.

You can add an existing certificate or generate a certificate. You then activate the certificate.

The access to the certificate management in the EcoStruxure Building Operation software can be set so that certificates can only be handled by authorized users.

Default Certificates

The EcoStruxure Building Operation software uses a default certificate that only supports encryption. The default certificate is installed by default on all EcoStruxure BMS servers. When a user logs on to an EcoStruxure BMS server, the user is notified in the Security certificate risk dialog box that the certificate cannot be validated.

The user must click trust to continue to log on to the system. This dialog box cannot be turned off. The warning is displayed each time the user log on.

Self-Signed Certificate

You can activate a self-signed certificate in EcoStruxure BMS servers. The self-signed certificate can be generated in the EcoStruxure Building Operation software or in another tool.

When the EcoStruxure Building Operation software is used to generate self-signed certificates, certificates can be generated for one or many servers at the same time.

When the user logs on to the EcoStruxure BMS server with an activated self-signed certificate the user is notified if the certificate is not valid. In this case the user can choose to always trust the certificate. If trusted, the self-signed certificate's public key is stored in the certificate list in Windows. The next time the user logs on to the EcoStruxure BMS server, Windows recognizes the certificate and the user can log on without trusting the certificate again.

CA Certificates

The EcoStruxure Building Operation software supports CA certificates, certificates issued by a certificate authority. The supported file format is PEM. Each certificate can include up to three separate files. CA certificate can be installed on a server using both WorkStation and Device Administrator.

For more information, see WorkStation Server CA Certificate Workflow .

Certificates and Licensing

Certificates generated using Workstation cannot be used for licensing in automation servers since these certificates do not provide a root certificate or other trust chain for validation. If you use WorkStation certificates, we recommend that you generate new ones for your automation servers from Device Administrator when you use licensing in automation servers.

For more information, see Certificates Managed using Device Administrator .

Certificates Managed by WorkStation

Certificates are used to increase the security of the communication between EBO servers and clients like WorkStation and WebStation.

For more information, see Certificates Managed Using WorkStation .

Certificates Managed Using Device Administrator

Certificates are used to increase the security of the communication between Device Administrator and automation server.

For more information, see Certificates Managed using Device Administrator .

Note:

Generating a certificate may take some time when you batch generate certificate for many automation servers at one time.

To generate a certificate using WorkStation
  1. In WorkStation, in the System Tree pane, select the automation server you want to configure.

  2. Click the Control Panel tab.

  3. Under Security and Communication , click Security Settings .

  4. In the Security Settings Control Panel, click Certificates .

  5. In the Certificates tab, expand Certificate settings .

  6. Select the automation servers in the server list.

  7. Click Manage Certificate .

  8. In the Manage Certificates dialog box, click Generate certificate .

  9. In the Generate Certificate dialog box, in the Name box, type a name for the certificate.

  10. In the Description box, type a description.

  11. In the Common name box, type the DNS address or IP address of the automation server where the certificate is used.

  12. Select Use IP/DNS from communication settings to automatically collect the IP address or DNS address from the communication setting on the automation server and add it to the certificate.

  13. In the Email address box, type the email address to the person or unit that is responsible for the certificate.

  14. In the Organizational unit box, type the organizational unit responsible for the certificate.

  15. In the Organization box, type the name of the organization responsible for the certificate.

  16. In the Country box, select the country.

  17. In the Valid from box, displays the time when the certificate starts. This date is always the current date.

  18. In the Valid to box, enter the date when the certificate expires.

  19. In the Password box, enter a password.

  20. In the Confirm password box, type the password again.

  21. Click OK .

Now that you have added a certificate, you need to activate the certificate for it to be in effect.

For more information, see Activating a Certificate Using WorkStation .

  • Certificates
  • Activating a Certificate Using WorkStation
  • Control Panel Tab
  • Security Settings – Control Panel
  • Certificates Tab
  • Generate Certificate Dialog Box
  • Manage Certificates Dialog Box
  • Enterprise Server System Upgrade Workflow
  • Automation Server System Upgrade Workflow