Configuring a Secured Connection Between a Controller and the SQL Gateway
To configure secured connections between controllers and the SQL Gateway, perform the following steps, which are described in this chapter:
- Activating TCP port for secured communication.
- Selecting / creating a server certificate for your SQL Gateway.
- Importing certificates of permitted controllers / accepting received certificates.
Activating TCP Port for Secured Communications
To activate the TCP port for secured communications, proceed as follows:
Step | Action |
---|---|
1 | Select the Settings tab of the SQL Gateway. |
2 | Select the node Client Communication from the tree on the left-hand side. |
3 | In the Client Communication view on the right-hand side, select the option TCP Port (Secured). |
4 | Adapt the default port number 3458 to your individual configuration, if required. |
Managing the Server Certificate of Your SQL Gateway
The server certificate is the certificate used by the SQL Gateway for secured connections to the controllers.
- The server certificate must contain a private key and must be installed in the certificate store of your PC.
- The definition of a server certificate is required for secured controller communication.
To create a server certificate for your SQL Gateway, proceed as follows:
Step | Action |
---|---|
1 | Select the Settings tab of the SQL Gateway. |
2 | Select the node Client Communication > Server Certificate from the tree on the left-hand side. |
3 | Click Create to create a new certificate for the SQL Gateway. Result: The Create Server Certificate dialog box opens. |
4 | In the Create Server Certificate dialog box, configure the following parameters. Name: Enter a name for your server certificate. Issued To: Enter information about the owner of the certificate. Validity (Days from now): Enter the number of days the certificate will be valid. |
5 | Click OK. Result: A new self-signed certificate is created and installed into the certificate store. The Server Certificate view displays the properties of the certificate you created. |
To select a server certificate that is already available, proceed as follows:
Step | Action |
---|---|
1 | In the Server Certificate view, click the Select button. Result: The Select SQL Gateway Certificate dialog box opens. It displays the certificates that are installed in the certificate store of the local PC. |
2 | Select a certificate from the list and click OK. Result: The Server Certificate view displays the properties of the selected certificate. |
To remove a server certificate from the SQL Gateway, proceed as follows:
Step | Action |
---|---|
1 | In the Server Certificate view, click the Clear button. Result: The certificate is removed from the SQL Gateway. NOTE: The certificate is still available in the certificate store of the local PC. |
To export the server certificate as a .cer file, proceed as follows:
Step | Action |
---|---|
1 | In the Server Certificate view, click the Export button. |
2 | Enter a name for the .cer file and browse to a suitable folder to save it. |
3 | Click the Save button. |
You can import the .cer file as a trusted certificate to the client controller. For further information on this procedure, refer to the How to Manage Certificates on the Controller User Guide.
Importing Certificates of Permitted Controllers
To define certificates of controllers as Permitted Clients, proceed as follows:
Step | Action |
---|---|
1 | Obtain the certificate of the controller by using the editor Security Screen in EcoStruxure Machine Expert Logic Builder (also refer to the How to Manage Certificates on the Controller User Guide) and save the .cer file to your local PC. |
2 | Select the Settings tab of the SQL Gateway. |
3 | Select the node Client Communication > Permitted Clients (Secured) from the tree on the left-hand side. Result: The view on the right-hand side displays the certificates of the permitted controllers. |
4 | Click the Import Certificates button to open a Windows file dialog box. |
5 | Browse to the suitable folder and select one or more .cer files representing the client certificates of your controllers. |
6 | Click Open. Result: The selected certificates are now displayed in the table. |
The value in the column IP Address indicates the IP address of the controller that uses this certificate to connect to the SQL Gateway. The value in the column Name is set to the name of the certificate file after import. You can edit this field to assign a meaningful name. The other columns cannot be edited.
To remove a certificate, select the entry in the list, and click the Delete button.
Accepting Received Certificates
The node Client Communication > Permitted Clients (Secured) of the Settings tab provides a list of Rejected Client Certificates.
This list presents the certificates of controllers that attempted to connect to the SQL Gateway via a secured connection. Because these certificates were not in the list of Permitted Clients (Secured) when the attempt was made, the SQL Gateway rejected the connection to these controllers.
If you are sure that an entry in this list represents a controller that is suitable for secured communication, select the certificate and click the Accept button.
Result: The controller entry is shifted to the Permitted Clients (Secured) list and secured communication to this client is allowed.
It is good practice to remove entries that you do not identify as controllers for secured connections from the Rejected Client Certificates list by clicking the Delete or Delete all button.
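An added example, not part of the original guide or of the SQL Gateway software: before importing a controller's .cer file or accepting an entry from the Rejected Client Certificates list, you can compare the file's SHA-256 fingerprint with one recorded at the controller itself. The function names and the sample bytes are assumptions constructed for illustration; the same certificate saved as DER or as Base64 yields the same fingerprint, and truncated files are refused.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer file saved as DER or as Base64 (PEM)."""
    m = PEM_RE.search(data)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else data
    # A certificate is one ASN.1 SEQUENCE (tag 0x30) whose encoded length
    # must cover the whole file; anything else is truncated or not a cert.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER certificate")
    if der[1] < 0x80:                      # short-form length
        header, body = 2, der[1]
    else:                                  # long form: next n bytes hold length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("length mismatch (truncated or trailing data)")
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, independent of the file encoding."""
    return hashlib.sha256(to_der(data)).hexdigest()


def matches(data: bytes, expected_hex: str) -> bool:
    """Compare with a fingerprint recorded at the controller (any separators)."""
    want = re.sub(r"[^0-9a-f]", "", expected_hex.lower())
    return fingerprint(data) == want


# Constructed stand-in: a minimal DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_DER))
    print(fingerprint(SAMPLE_PEM) == fingerprint(SAMPLE_DER))
```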