Encrypted Communication with Devices via Controller Certificates

Requirement: A digital signature for certificate exchange is configured. Refer to the CODESYS Help "Encryption and Signing with Certificates".

This procedure assumes that the controller does not yet have a certificate for encrypted communication. In the following steps, you generate such a certificate and enable encrypted communication:

  1. Configure the active path to the controller.

  2. Open the Security Screen view by double-clicking the symbol in the status bar or by clicking View ‣ Security Screen.

  3. Click the button to refresh the list of available devices and their certificate store.

  4. Select the corresponding device on the left side.

    ⇒ On the right side, no certificate is listed yet for the Encrypted communication use case.

  5. Select Encrypted communication on the right side and click the button to generate a new certificate on the device.

    ⇒ The certificate is generated and listed in the table with its properties. The symbol before Encrypted communication changes accordingly.

  6. In this step, you activate encrypted communication with the controller.

    Open the Security Screen view from CODESYS (Users tab). Activate the option Force encrypted communication (Security level).

    ⇒ From this point on, communication with all controllers is possible only as long as the certificate on the controller is valid and you have a key for it.

    The connecting line between the development system, the gateway, and the controller is displayed in yellow in the Communication tab of the device editor of the controller.

    The Force encrypted communication option described above applies to all controllers. Alternatively, you can encrypt communication with one specific controller only: open the Communication tab in the device editor of that controller and click Encrypted communication in the Device drop-down list.

  7. Now log in to the controller again.

    ⇒ A dialog opens with the notification that the certificate of the controller is not signed by a trusted source. In addition, the dialog displays information about the certificate and prompts you to install it as a trusted certificate in the local store in the "Controller Certificates" folder.

  8. Confirm the dialog.

    ⇒ The certificate is installed in the local store and you are logged in to the controller.

    In the future, communication with the controller will be encrypted automatically with this controller certificate.
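
Step 7 asks you to trust a certificate that no trusted source has signed, and step 6 makes communication depend on that certificate staying valid. The shell functions below are an added example, not part of the CODESYS documentation: they compare a certificate's SHA-256 fingerprint with a reference value and check its remaining validity. Assumptions: the controller certificate is available as a PEM file, the reference fingerprint was obtained over a separate trusted channel, and `openssl` is installed; all function names are hypothetical, and `make_sample_cert` only creates a constructed stand-in certificate for trying the check.

```shell
# Added example (not CODESYS code): check a controller certificate
# before confirming the trust dialog. Function names are hypothetical.

# Normalise a fingerprint: drop colons/spaces, convert hex to upper case.
norm_fpr() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint (AA:BB:...) of a PEM certificate.
cert_fpr() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# verify_controller_cert <cert.pem> <expected-fingerprint> [min-days-left]
# Return codes: 0 = fingerprint matches and certificate stays valid,
#               1 = fingerprint mismatch, 2 = unreadable certificate,
#               3 = expired or expiring within min-days-left days.
verify_controller_cert() {
  local cert="$1" expected="$2" min_days="${3:-0}" actual
  actual=$(cert_fpr "$cert" 2>/dev/null)
  if [ -z "$actual" ]; then
    echo "cannot parse certificate: $cert" >&2
    return 2
  fi
  if [ "$(norm_fpr "$actual")" != "$(norm_fpr "$expected")" ]; then
    echo "fingerprint mismatch: do not install this certificate" >&2
    return 1
  fi
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days day(s)" >&2
    return 3
  fi
  # Show what is being trusted and until when.
  openssl x509 -in "$cert" -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed certificate that
# stands in for the one generated on the device in step 5.
make_sample_cert() {  # <out.pem> <validity-days>
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1" -days "$2" -subj "/CN=constructed-controller" 2>/dev/null
  rm -f "$1.key"
}
```

Run `verify_controller_cert controller.pem "<reference fingerprint>" 30` before confirming the dialog in step 8; a non-zero return code means the certificate should not be installed as trusted.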
