Encrypting Boot Applications with Certificates

 

Aim: You want to encrypt the boot application with a certificate from the controller in order to make sure that it cannot be exchanged. To do this, a corresponding certificate must be created on the controller and installed in the Windows Certificate Store of your computer.

Requirement: The active path to the controller is configured. A digital signature for certificate exchange is configured. Refer to the standard CODESYS online help "Encryption and Signing with Certificates".

  1. Open the Security-Screen view by double-clicking the _cds_icon_cyber_screen_grey.png symbol in the status bar or by clicking View ‣ Security-Screen.

  2. Click the button Refresh the list of available devices and their certificate store.

  3. Select the device entry on the left side.

  4. Select Encrypted Application on the right side and click the button Generate a new certificate on the device.

    ⇒ The certificate is created and listed in the table with the _cds_icon_cert_private_key.png symbol.

  5. Double-click the certificate entry.

    ⇒ The default Windows Certificate dialog opens.

  6. Click the Install certificate button in the General tab.

    ⇒ The Certificate import assistant opens.

  7. In the Certificate memory dialog, select the option Save all certificates in the following memory location, and then select the folder Controller Certificates as the Certificate memory.

    ⇒ The controller certificate is imported to the directory Controller certificates and is now available for encryption of download, online change, and boot application.

  8. Follow the steps below if you want the boot application of your project, as well as downloads and online changes, to always be encrypted.

  9. Open the Users tab in the Security-Screen. Activate the option Force encryption of downloads, online changes, and boot applications in the Security-Level area.

  10. Open the Project tab and double-click the application entry in the area Encryption of boot application, download, and online change.

    ⇒ The Properties dialog of the application opens.

  11. Select the Encryption tab and select Encryption with certificates as the Encryption technology. Then click _cds_icon_cert_store_open.png. Note: If the option Force encryption of downloads, online changes, and boot applications is activated in the Security screen, then Encryption with certificates is already preselected.

  12. In the Certificate selection dialog, select the corresponding certificate from the Controller certificates folder and click _cds_icon_arrow_up.png.

  13. Click OK to confirm the dialog.

    ⇒ The certificate is displayed in the properties dialog.

  14. Confirm the Properties dialog of the application.

    ⇒ The certificate is displayed in the Security screen view (Project tab, Encryption of boot application, download, and online change): The boot application, download, and online change are encrypted.

  15. Transferring the boot application, download, and online change is now possible, as long as the certificate configured for it and the signature are valid.
