The View > Security Screen command opens the Security Screen editor. It allows you to configure parameters for encrypted communication related to the user, to the project and to the controller.
As an alternative, you can open the Security Screen editor by double-clicking the button from the EcoStruxure Machine Expert Logic Builder status and information bar.
Security Screen editor with the Devices tab open:
The User tab allows you to configure security-related parameters for the logged-in user:
- Certificates required for secured communication. Certificates with private keys are required for this purpose.
- Digital signature of the user
Elements of the User tab:
Element | Description |
---|---|
User profile and certificate selection area | |
List of available user profiles | Select a user profile from the list. By default, the Windows login name is specified as user profile. Click the plus button to open the User Profiles dialog box for adding a user profile. Click the cross button to remove a user profile from the list. |
Digital signature | List of certificates with public key available for the digital signature. Click the Click the cross button to remove a certificate from the digital signature. |
Project file decryption | Indicates the certificate that is used for decrypting project files. Click the Click the cross button to remove the displayed certificate. |
Security level area | |
Activate the use of certificates for enhanced security: | Select the following options if you want to force the use of encryption functions. |
Enforce encrypted communication | When selected, the server certificate of the controller must be used for establishing an encrypted connection with the controller. |
Enforce encryption of project files | When selected, the project files of the selected user are encrypted with the public keys of a certificate. When the project is saved, it is encrypted with the certificate specified in the Project Settings > Security dialog box. The selected certificates are displayed in the Project file encryption area of the Project tab. To open the project, the certificate with a private key used for encryption must be specified with the parameter Project file decryption. |
Enforce signing of project files | When selected, the project files of the selected user are signed with the public key certificate that is specified within the Digital signature parameter. When a project is saved, a signature file <project name>.project.p7s containing the signature is saved to the project directory. |
Enforce encryption of downloads, online changes and boot applications | When selected, the data that is downloaded to the controller needs to be encrypted with a controller certificate. This certificate is defined in the Security Screen, tab Project, Encryption of Boot Application, Download and Online Change area. Controller certificates are stored in the local Windows certificate store in the controller certificates directory. If the certificates of your controller are not available in the directory, then they must be loaded from the controller and installed to the directory. For information on handling controller certificates, refer to the How To Manage Certificates on the Controller User Guide. This function is not supported by Schneider Electric controllers. |
Enforce signing of downloads, online changes and boot applications | When selected, the online code (downloads, online changes, and boot applications) needs to be signed with a certificate with a public key. The certificate is selected from the Digital signature list in this tab. As a prerequisite, the option Enforce encryption of downloads, online changes and boot applications must be selected. |
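
An added PowerShell check for the User tab prerequisites described above (not part of the Schneider Electric documentation): it lists which certificates in the Windows store have a private key and are currently valid, and reports project files that have no `<project name>.project.p7s` signature file beside them. The store path `Cert:\CurrentUser\My`, the parameter names and the one-minute timestamp tolerance are assumptions; the timestamp comparison is a heuristic and does not verify the signature.

```powershell
# Added example; parameter names and defaults are hypothetical.
param(
    [string]$ProjectDir = '.',                     # folder that holds the *.project files
    [string]$StorePath  = 'Cert:\CurrentUser\My'   # assumption: user certificates are in the Personal store
)

$now = Get-Date

# 1. Certificates that could serve "Digital signature" or "Project file decryption":
#    both need a private key on this machine and a current validity period.
$certs = Get-ChildItem -Path $StorePath | ForEach-Object {
    $c  = $_
    $ku = $c.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        Select-Object -First 1
    [pscustomobject]@{
        Subject       = $c.Subject
        Thumbprint    = $c.Thumbprint
        HasPrivateKey = $c.HasPrivateKey
        Valid         = ($c.NotBefore -le $now -and $c.NotAfter -ge $now)
        NotAfter      = $c.NotAfter
        KeyUsage      = if ($ku) { $ku.KeyUsages } else { 'not restricted' }
    }
}

# 2. With "Enforce signing of project files" selected, each saved project should have
#    a <project name>.project.p7s file in the same directory.
$projects = Get-ChildItem -Path $ProjectDir -Filter '*.project' -File |
    Where-Object { $_.Extension -eq '.project' } |
    ForEach-Object {
        $p   = $_
        $sig = Get-Item -LiteralPath ($p.FullName + '.p7s') -ErrorAction SilentlyContinue
        $state = if (-not $sig) {
            'MISSING'
        } elseif ($p.LastWriteTime -gt $sig.LastWriteTime.AddMinutes(1)) {
            'OLDER THAN PROJECT'    # heuristic: project changed after it was last signed
        } else {
            'present'
        }
        [pscustomobject]@{ Project = $p.Name; Signature = $state; ProjectSaved = $p.LastWriteTime }
    }

$certs    | Sort-Object NotAfter | Format-Table -AutoSize
$projects | Format-Table -AutoSize
```

A certificate listed with `HasPrivateKey` false or `Valid` false cannot be used for signing or for project file decryption on this machine.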
The Project tab allows you to configure project-specific settings.
Elements of the Project tab:
Element | Description |
---|---|
Project file encryption area | |
Technology | Click the |
Certificates of Users Sharing this Project | Table listing the certificates that encrypt the project file. |
Encryption of Boot Application, Download and Online Change area | |
List of the applications of the controller | Double-clicking an application in the list opens the Properties > Encryption dialog box. Depending on the settings of the Security Level in the User tab of the Security Screen, the following fields are available: Encryption tab with active Certificates area; Encryption tab with Encryption Technology list. In the Properties > Encryption dialog box, click the Controller certificates are stored in the local Windows certificate store in the controller certificates directory. If the certificates of your controller are not available in the directory, then they must be loaded from the controller and installed to the directory. This function is not supported by Schneider Electric controllers. |
The Devices tab of the Security Screen editor allows you to configure secured TCP communication to the connected controller. It provides access to the folders that are dedicated to managing certificates on the connected controller. For further information, refer to the How To Manage Certificates on the Controller User Guide.