Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Plant SCADA

TABLE OF CONTENTS

WebSocket Connections

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJun 27, 2024
  • 3 minute read

This section describes connection communication between WebSockets to both remote desktops and to the Plant SCADA Access Anywhere Secure Gateway.

WebSocket Communication to Remote Desktops

The Plant SCADA Access Anywhere Server installation includes a self-signed certificate for SSL connections. It is recommended self-signed certificates are only used for testing purposes within a domain. Self-signed certificates will result in insecure connection warning messages in the user's web browser. They will also stop iOS devices from connecting to the Secure Gateway.

For production systems, use either a trusted certificate purchased from a certificate authority (for example, DigiCert), or a domain-issued trusted certificate provided by your IT administrator. When using a domain-issued certificate, the domain trusted root certificates need to be distributed to every device that connects to Plant SCADA Access Anywhere.

Important: A signed certificate needs to have a private key associated with it. A .CER file may not have a private key. Use a signed certificate that includes a private key, which usually has a .PFX extension.

Note: The DNS address of the Plant SCADA Access Anywhere Server or Secure Gateway server needs to match the certificate name. If a wildcard certificate is being used, the domain needs to match. For example, if the certificate is for *.example.com the server name needs to end with example.com.

To use a trusted certificate on to the Plant SCADA Access Anywhere Server, perform the following procedures.

Import the Certificate on to the Plant SCADA Access Anywhere Server

  1. Locate the certificate file provided by your Plant SCADA Access Anywhere or domain administrator.

  2. Double click the certificate file, or right-click and select Import. The Certificate Import Wizard is displayed.

  3. Select Local Machine and click Next.

  4. On the next screen, check that the path to the certificate is correct.

  5. Click Next.

  6. On the next screen, enter the password for the certificate's private key.

  7. Click Next.

  8. On the next screen, specify the location where the certificate will be stored.

  9. Click Next.

  10. On the next screen, click Finish to import the certificate.

Configure the Certificate on the Plant SCADA Access Anywhere Server

  1. On the Plant SCADA Access Anywhere Server, open Windows Control Panel.

  2. Search for "Certificates".

  3. Select Manage computer certificates under Administrative Tools.

  4. Locate the correct certificate in the Certificate Manager.

    This will depend on where the certificate was imported. Typically this will be under 'Personal\Certificates'.

  5. Double click the certificate, then select the Details tab.

  6. Locate the Thumbprint property, then select the value and copy it to the clipboard.

  7. Launch the Plant SCADA Access Anywhere Server Configuration tool.

  8. Go to the Security tab.

  9. Paste the thumbprint from step 6 into the Certificate Thumbprint field.

  10. Click OK or Apply.

  11. Restart the Plant SCADA Access Anywhere Server.

    WebSocket connections via Plant SCADA Access Anywhere Secure Gateway

    When using the Plant SCADA Access Anywhere Secure Gateway, the connection between the Plant SCADA Access Anywhere Server browser client and the Plant SCADA Access Anywhere Secure Gateway can be encrypted. Refer to the Access Anywhere Secure Gateway Installation and Configuration Guide for instructions.

    In This Topic
    Related Links
    TitleResults for “How to create a CRG?”Also Available in