Certificates for Geo SCADA Expert Server and Client Connections

Geo SCADA Expert 2020 onwards supports the use of certificates to initiate secure connections and to encrypt the data transmitted between Geo SCADA Expert servers and clients. From this version of Geo SCADA Expert, two sets of certificates are supported:

  • Server certificates that the Geo SCADA Expert server provides to the clients, so that the clients can verify that the server is a valid Geo SCADA Expert server.
  • Client certificates that the clients provide to the Geo SCADA Expert server, so that the server can verify that the clients are valid clients.

    You can optionally require the client certificates to map to a Windows user account.

We strongly recommend that you set up your system to use trusted certificates to initiate secure connections and encrypt the data that is transmitted between Geo SCADA Expert servers and clients. To configure your system to use such certificates:

  1. Each server and client machine (if client certificates are required) should have its own unique certificate, which must have a private key associated with it. Obtain the required certificates from a trusted certificate authority (CA) and load each certificate into the Windows certificate store on the relevant machine. (Store the server certificate on the relevant server machine, and the client certificate on the relevant client machine.) For more information about certificate stores, see the Windows help.
  2. On the server machine, set up the required settings in the Server Configuration Tool (see Configure the Connection Security Settings).

    If the server is in a multi-server system, also configure the security settings that apply for outgoing server-to-server connections during which this server acts as a client (see Connection Security Tab (for Server-to-Server Communications)).

    Repeat this step on each server in your system.

  3. On each client machine, set up the required client connection security for the client (see Configure the Client Connection Security Settings in the Geo SCADA Expert Guide to Client Administration).
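Before selecting a certificate in the Server Configuration Tool or the client settings, it is worth confirming on each machine that the certificate loaded in step 1 actually meets the prerequisites (private key present, chains to a trusted CA, currently valid). The following script is an added example and is not part of the Geo SCADA Expert documentation; it assumes the certificate was imported into the local machine Personal store (Cert:\LocalMachine\My) and is selected by a subject-name fragment, and the host name shown is a placeholder.

```powershell
# Added example (not from the Geo SCADA Expert documentation): checks that a
# certificate intended for Geo SCADA Expert server or client connections has a
# private key, is within its validity period and chains to a trusted CA.
# Assumptions: the certificate is in Cert:\LocalMachine\My and is identified by
# a fragment of its subject name; replace the placeholder host name below.
param(
    [string]$SubjectMatch = 'geoscada-server01.example.com',  # placeholder
    [string]$StorePath    = 'Cert:\LocalMachine\My'
)

function Test-GeoScadaCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $problems = @()

    # Step 1 requires a private key associated with the certificate.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key associated with the certificate' }

    # The certificate must be valid now (not expired, not yet-to-be-valid).
    $now = Get-Date
    if ($Cert.NotBefore -gt $now) { $problems += "not valid until $($Cert.NotBefore)" }
    if ($Cert.NotAfter  -lt $now) { $problems += "expired on $($Cert.NotAfter)" }

    # Test-Certificate (PKI module) builds the chain against the machine's trusted
    # roots and checks revocation; a self-signed or untrusted issuer returns $false.
    $chainOk = Test-Certificate -Cert $Cert -ErrorAction SilentlyContinue
    if (-not $chainOk) { $problems += 'does not chain to a trusted CA (or is revoked)' }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

$candidates = @(Get-ChildItem -Path $StorePath | Where-Object { $_.Subject -like "*$SubjectMatch*" })
if ($candidates.Count -eq 0) {
    Write-Warning "No certificate matching '$SubjectMatch' found in $StorePath"
    exit 1
}

# Each machine should have one unique certificate for this purpose; more than
# one match is worth resolving before selecting the certificate in the tool.
if ($candidates.Count -gt 1) {
    Write-Warning "More than one certificate matches '$SubjectMatch'; check which one is intended."
}

$candidates | ForEach-Object { Test-GeoScadaCertificate -Cert $_ } | Format-List
```

Run it in an elevated PowerShell session on the server (or client) machine; a certificate reported as Usable = False will lead to the declined connections and log entries described below.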

On Geo SCADA Expert systems on which certificates are used:

  • If a Geo SCADA Expert server that does not have a valid certificate attempts to communicate with another Geo SCADA Expert server on the system (that requires valid server certificates):
    • The connection will be declined.
    • An entry will be logged in the server log file of the server to which the connection attempt was made. The entry will indicate that the other server did not have a valid certificate (or has no certificate at all).
  • If server certificates are required and a client attempts to connect to a Geo SCADA Expert server that does not have a valid certificate:
    • The connection will be declined.
    • The client log file will indicate that a connection was attempted to a Geo SCADA Expert server that does not have a valid certificate (or has no certificate at all).
  • If client certificates are required and a client that does not have a valid certificate attempts to connect to a Geo SCADA Expert server:
    • The connection will be declined.
    • An entry will be logged in the server log file to indicate that a connection was attempted by a client that does not have a valid certificate (or has no certificate at all).

WARNING: POTENTIAL SECURITY BREACH

Clients that are running a version of Geo SCADA Expert that is earlier than Geo SCADA Expert 2020 use a different communications protocol and are exempt from requiring valid client certificates. We recommend that you upgrade all of your clients as soon as it is practicable, to ensure that they run a version of Geo SCADA Expert that does support client certificates.

Failure to follow these instructions can result in death, serious injury, or equipment damage. The breach in system security could expose sensitive data and leave the database vulnerable to unauthorized and potentially malicious use.

Clients that are running a version of Geo SCADA Expert that is earlier than Geo SCADA Expert 2020 are exempt from requiring valid client certificates and can still communicate with a server that has been updated to require client certificates.