For a 1507SF controller communicating with a Unified PC running WinCC Unified Runtime V20 update 1, the required certificates and their configurations are as follows:
Required Certificates:
- PLC Certificate: The S7-1500 controller (or 1507SF) will require its own certificate.
- OPC UA Server Certificate: The Unified PC will require an OPC UA Server certificate for secure communication if using OPC UA.
Trust Relationship:
- One-sided SSL Authentication: The HMI device (Unified PC) must trust the PLC certificate of the S7-1500 controller.
- Reciprocal SSL Authentication: If using OPC UA, both the Unified PC and the PLC must trust each other’s certificates.
Procedure:
- For the PLC Certificate:
  - The PLC sends its certificate to the HMI device (Unified PC).
  - The HMI device checks and must trust the PLC certificate to establish the connection.
  - The PLC certificate is managed internally in the system and automatically trusted by the HMI device when loaded.
- For OPC UA Communication:
  - The Unified PC requires an OPC UA Server certificate.
  - The 1507SF controller (acting as an OPC UA client) must trust the OPC UA Server certificate, and vice versa.
Steps to Establish Trust:
- For Integrated Connection:
  - Load the HMI device configuration, which includes the PLC certificate.
  - The HMI device automatically trusts the PLC certificate.
- For Non-Integrated Connection:
  - Manually trust the PLC certificate if using a non-integrated connection or "ChangeConnection" system function.
- For Redundancy (if applicable):
  - Use CA-based certificates, as self-signed certificates are not supported for redundancy.
  - Both Unified PCs in a redundant setup require Collaboration certificates.
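
A pre-deployment check for the redundancy requirement above, as an added example that is not part of the original page or of any Siemens tooling: it uses the `openssl` CLI to tell a self-signed certificate from a CA-issued one and to confirm that it chains to a given CA certificate. It assumes the certificates are available as PEM files; all file names and subject names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: file names and subject names are not from a real project.

# Print "self-signed" if the certificate names itself as issuer and its
# signature verifies with its own public key, otherwise "ca-issued".
classify_cert() {
  local cert=$1 subj iss
  subj=$(openssl x509 -in "$cert" -noout -subject_hash) || return 2
  iss=$(openssl x509 -in "$cert" -noout -issuer_hash) || return 2
  if [ "$subj" = "$iss" ] && openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
    echo "self-signed"
  else
    echo "ca-issued"
  fi
}

# Return 0 only if the certificate is CA-issued and chains to the given CA.
redundancy_ready() {
  local cert=$1 ca=$2
  [ "$(classify_cert "$cert")" = "ca-issued" ] || return 1
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
}

# Build constructed sample certificates in directory $1:
#   ca.pem (demo CA), pc1.pem (issued by that CA), selfsigned.pem
make_demo_certs() {
  local d=$1 ec="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"
  openssl req -x509 $ec -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Demo Plant CA" -days 1 2>/dev/null || return 1
  openssl req -new $ec -keyout "$d/pc1.key" -out "$d/pc1.csr" \
    -subj "/CN=unified-pc-1" 2>/dev/null || return 1
  openssl x509 -req -in "$d/pc1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/pc1.pem" -days 1 2>/dev/null || return 1
  openssl req -x509 $ec -keyout "$d/ss.key" -out "$d/selfsigned.pem" \
    -subj "/CN=unified-pc-2" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for f in pc1.pem selfsigned.pem; do
  if redundancy_ready "$demo_dir/$f" "$demo_dir/ca.pem"; then
    echo "$f: CA-issued, chains to ca.pem"
  else
    echo "$f: rejected ($(classify_cert "$demo_dir/$f"))"
  fi
done
```

A certificate whose subject matches its issuer name but whose signature does not verify with its own key is reported as `ca-issued`, so a CA that shares a name with the device is not misclassified.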
Example Procedure for Managing Certificates:
- Unified PC:
  - Manage third-party certificates via the Unified PC’s settings.
- Unified Panel:
  - Trust the certificate via the Control Panel or file manager as outlined in your device's manual.