Use SMS Certificates with Web Applications

Some of the features supported by Plant SCADA use web-based applications that host content in a web browser. These applications need to trust certificates that have been generated by the System Management Server (SMS).

Note: The information provided in this topic is intended for a scenario where SMS certificates are used on computers contained within your SCADA system network. If you want to deliver information across multiple domains or externally via the internet, we recommend you seek professional advice on setting up an external web server.

The following procedures are required to use SMS certificates with a web-based application.

Export Certificates from the SMS

You initially need to export a copy of two certificates created by the SMS.

1. Open Configurator and display the System Management Server page.

2. Confirm that the SMS is set up and operational (if required, see Configure a System Management Server).

3. Click on the Advanced button. The Advanced Configuration dialog will appear.

4. Confirm that the required certificate is selected, then click on the Details button.

   

   The Certificate dialog will appear.

5. Go to the Certification Path tab and select the entry "<computer name> ASB CA", then click the View Certificate button.

   

   Another dialog will appear specifically for the "<computer name> ASB CA" certificate. This is the dialog you use to export the certificate to a file.

6. On the Details tab, click Copy to File. This will open the Certificate Export Wizard.

7. Use the following settings to export the certificate as a CER file.

   • On the Export Private Key page, select No, do not export the private key.

   • On the Export File Format page, select DER encoded binary X 509 (.CER).

   • On the File To Export page, enter a path and file name (for example, "c:\temp\<machine name> ASB CA.cer").

8. When you reach the Finish page, review the settings and click Finish to export a copy of the certificate.

   You then need to repeat this process to export a copy of the "<computer name> ASB Root CA" certificate.

9. Go back to step 4 and select "<computer name> ASB Root CA" on the Certification Path tab.

10. Repeat steps 5—7.

Import Certificates on a Client Computer

To complete this process, you need the two CER files exported from the ASB CA and the ASB Root CA certificates.

11. Copy the two CER files to an appropriate location on the client computer.

12. Right click on the CER file created from the ASB Root CA certificate and select Install Certificate. This will open the Certificate Import Wizard.

13. Use the following settings.

    • Under Store Location, select Local Machine.

    • On the Certificate Store page, select Trusted Root Certification Authorities Store.

14. When you reach the last page, review the settings and click Finish.

    You then need to repeat this process for the CER file created from the ASB CA certificate.

15. Right click on the ASB CA file and select Install Certificate.

16. Use the following settings in the Certificate Import Wizard.

    • Under Store Location, select Local Machine.

    • On the Certificate Store page, select Intermediate Certification Authorities Store.

17. When you reach the last page, review the settings and click Finish.

See Also

Enable Encryption