SSL Certificates

The Plant SCADA Access Anywhere Secure Gateway installation includes a self-signed certificate for SSL connections. It is recommended self-signed certificates are only used for testing purposes within a domain. Self-signed certificates will result in insecure connection warning messages in the user's web browser. They will also attempt to prevent iOS devices from connecting to the Secure Gateway.

For production systems, use either a trusted certificate purchased from a certificate authority (for example, DigiCert), or a domain-issued trusted certificate provided by your IT administrator. When using a domain-issued certificate, the domain trusted root certificates need to be distributed to every device that connects to Plant SCADA Access Anywhere.

Important: The signed certificate needs to have a private key associated with it. A .CER file may not have a private key. Use a signed certificate that includes a private key, which usually has a .PFX extension.

Note: The DNS address of the Plant SCADA Access Anywhere Server or Secure Gateway server needs to match the certificate name. If a wildcard certificate is being used, the domain needs to match. For example, if the certificate is for *.example.com the server name needs to end with example.com.