View 'Security Screen' - 'Devices'

Function: This tab allows for the configuration and the transfer of controller certificates for encrypted communication with the controller.

Call: Menu bar: View.

Requirement: The CODESYS Security Agent add-on product is installed.

For more information about this topic, refer to the CODESYS Help:

The Devices tab shows all PLC devices configured in the project and their certificate store. If the communication path to the controller is configured, then you see the certificates that are stored in memory. Here you can create and configure new certificates on the controller.

Left side: Information

Devices and certificate store

Shows the individual devices as expandable nodes, each with the controller-specific certificate store below it.

For example, there are the following categories for CODESYS Control Win V3:

  • Individual certificates with the assigned private key to which you have access

  • Trusted certificates created by a trusted certificate source

  • Untrusted certificates that you defined specifically as not trusted

  • Certificates in quarantine that do not fulfill the criteria of the categories above

Toolbar (left side)

Refresh the display

Download: Transfer the selected certificate to the PLC

Right side:

If the active path to the controller is set and a device node is selected, then every use case for controller certificates is displayed on the right side.

  • OPC UA-Server: Encrypted communication over an OPC UA server

  • Encrypted communication: Encrypted communication between the development system and the controller

  • Encrypted communication: Encryption of the boot application

  • Web server: Encrypted communication with the web server

As long as no certificate is available for one of these use cases, the use case is displayed with a symbol and marked as (not available).

When a certificate store is selected on the left side, all certificates in it are displayed on the right side with the following information:

Information: Use case (currently the controller component in question is displayed, for example CmpSecureChannel)

Created for: Name of the computer for which the certificate was created (for example, MyLocalPC)

Created by: Name of the computer on which the certificate was created (for example, MyLocalPC)

Valid as of: Date (for example, 07/20/2017 15:09:29)

Valid until: Date (for example, 07/20/2022 00:00:00)

Thumbprint: Hash value from specific properties of the certificate for purposes of identification (for example, 279e1a46b86bd636c8e6f19fd51c222469ec49a8)

Double-clicking a certificate entry opens the default Windows Certificate dialog. Here you can import a controller certificate in the Windows Certificate Store to the directory Controller certificates so that it is available for encryption of download, online change, and boot application.

If multiple certificates are available for one use case, then the system follows the steps below to determine the certificate that is used:

  • Certificate that was created directly by the user (currently not supported)

  • Filtering of existing certificates by:

      1. Subject (user of the certificate)

      2. Key usage

      3. Extended key usage

      4. Valid time stamp

  • Dividing the valid certificates that were found into "signed" and "self-signed"

  • Filtering of the signed certificates and the self-signed certificates by the following criteria:

      1. Longest validity period

      2. Strongest key
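The selection steps above, modelled as an added example (this is not CODESYS code) so you can predict which certificate wins when a store holds several for one use case. The `Cert` record, the sample store and its names are constructed; the example assumes that the signed group is consulted before the self-signed group, that "strongest key" means the longest key, and that a certificate is self-signed when issuer equals subject.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:                      # hypothetical record, not a CODESYS type
    thumbprint: str
    subject: str
    issuer: str
    key_usage: frozenset
    ext_key_usage: frozenset
    not_before: datetime
    not_after: datetime
    key_bits: int

def select_certificate(certs, subject, key_usage, ext_key_usage, now):
    """Return the certificate the listed steps would pick, or None."""
    # Filter by subject, key usage, extended key usage and valid time stamp.
    valid = [c for c in certs
             if c.subject == subject
             and key_usage <= c.key_usage
             and ext_key_usage <= c.ext_key_usage
             and c.not_before <= now <= c.not_after]
    # Divide into "signed" and "self-signed" (simplified: issuer == subject).
    signed = [c for c in valid if c.issuer != c.subject]
    self_signed = [c for c in valid if c.issuer == c.subject]
    # Rank by longest validity period, then strongest key.
    # Assumptions: signed group is consulted first; strength = key length.
    def rank(c):
        return (c.not_after - c.not_before, c.key_bits)
    for group in (signed, self_signed):
        if group:
            return max(group, key=rank)
    return None

# Constructed sample store; thumbprints are labels, not real hashes.
KU, EKU = frozenset({"digitalSignature", "keyEncipherment"}), frozenset({"serverAuth"})
def make(tp, issuer, start, end, bits, eku=EKU):
    return Cert(tp, "plc-01", issuer, KU, eku,
                datetime(start, 1, 1), datetime(end, 1, 1), bits)
STORE = [
    make("A-signed-3072", "Plant-CA", 2023, 2025, 3072),
    make("B-self-10y-4096", "plc-01", 2020, 2030, 4096),
    make("C-signed-expired", "Plant-CA", 2019, 2021, 4096),
    make("D-signed-2048", "Plant-CA", 2023, 2025, 2048),
    make("E-signed-wrong-eku", "Plant-CA", 2022, 2027, 4096, frozenset({"clientAuth"})),
]
NOW = datetime(2024, 6, 1)

if __name__ == "__main__":
    print(select_certificate(STORE, "plc-01", KU, EKU, NOW).thumbprint)
```

Under these assumptions the long-lived self-signed entry does not displace a valid signed one, and an expired or wrongly scoped certificate never reaches the ranking step, which is why stale entries should still be deleted or moved rather than relied on to lose.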

Drag and drop: Moves the certificate to another certificate store of the same device

Double-clicking a certificate entry opens the default Windows dialog for displaying all certificate information.

Toolbar (right side)

Creates a new certificate for a specific use case

The Certificate Settings dialog opens for configuring the Validity period of the certificate and the Key length for the private key. Clicking OK saves the specified values in the CODESYS options. The values are reset at the next operation.

As long as the certificate is being created, "(computing)" is shown after the use case. You cannot cancel the creation operation, but you can close and continue working with the Security Screen.

Upload and save the selected certificate to the local file system.

Delete the selected certificate.