Which SSL Certificate File Types does my Driver Support?

Geo SCADA Expert supports all of the certificate and private key file types that are mentioned in this topic. Each advanced driver in Geo SCADA Expert typically supports a subset of these file types. Use this topic to determine which certificate and private key file types are supported by the driver that you intend to use. You might find that you need to convert certificates or private keys into the required file type; you can do this using a tool such as OpenSSL. Ensure that you only import the appropriate file types into the Geo SCADA Expert database. With private keys, also check whether the driver, and the device or application with which it is to communicate, support encrypted private keys and, if so, which file format is required.

WARNING

POTENTIAL SECURITY BREACH

You MUST ensure that private keys are kept and transferred securely. Failure to do so could compromise the security of your system; potentially, it could lead to unauthorized access to your system.
Failure to follow these instructions can result in death, serious injury, or equipment damage. The breach in system security could leave the database vulnerable to unauthorized and potentially malicious use.

When there is a choice, we recommend that you use encrypted PFX, or encrypted private keys, as this provides an additional layer of protection. PFX also has the convenience of storing the certificates and private key together in a single file.

Geo SCADA Expert supports the following certificate types (including certificate chains in a single file):

  • X.509 (both PEM and DER format).

  • PKCS#7 (both PEM and DER format).

  • PFX / PKCS#12 (including encrypted).
    (With PFX, the certificates and private key are together in a single file.)

  • Microsoft serialized certificate store.

Geo SCADA Expert supports the following private key file types:

  • PKCS#1 RSA private key (both PEM and DER format).

  • PKCS#8 unencrypted private key (both PEM and DER format).

  • PKCS#8 encrypted private key (both PEM and DER format).

  • PFX / PKCS#12 (including encrypted).
    (With PFX, the certificates and private key are together in a single file.)


Certificate and private key file types that are supported by specific advanced drivers:

  • IEC 61850: Supports only X.509 certificates, and the private key file types other than PFX. Both files must be in PEM format.

  • MQTT: Supports only X.509 certificates, and the private key file types other than PFX. Both files must be in PEM format.

  • OPC-UA (client): Supports only X.509 certificates and unencrypted private keys. Both files must be in DER format.

  • Other advanced drivers (including, but not limited to, DNP3, IEC 60870-5-104, Advanced Modbus, and Advanced Trio Diagnostics): Support certificate and private key file types other than PKCS#8 encrypted private keys. (To encrypt private keys, use the PFX file type.)

Remember that you only use certificates with network-connected drivers. You will also need certificates for the devices or applications at the other end of the connection; the certificate and private key file types that those devices and applications support are outside of the scope of this documentation.
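The following pre-import check is an added example, not part of Geo SCADA Expert or its documentation. It identifies PEM file types from their labels and tests a file against the per-driver rules listed above. Assumptions: the function names and messages are hypothetical, any driver name other than the three listed is treated as one of the "other advanced drivers", the PEM labels are those written by OpenSSL, and binary files (DER, PFX, serialized store) are detected but not parsed.

```python
import re

# PEM labels (as written by OpenSSL) mapped to the file types this page names.
PEM_TYPES = {
    "CERTIFICATE": "X.509 certificate",
    "PKCS7": "PKCS#7",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "PRIVATE KEY": "PKCS#8 unencrypted private key",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted private key",
}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed samples: valid PEM framing, placeholder bodies (not real key material).
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_ENC_KEY = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1Q=\n-----END ENCRYPTED PRIVATE KEY-----\n"

def classify(data: bytes):
    """Return (encoding, [(file_type, encrypted), ...]) for one file's bytes."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "binary", []  # DER, PFX or serialized store: not parsed here
    found = []
    for label, body in blocks:
        label = label.decode()
        # Traditional OpenSSL key encryption is signalled by a Proc-Type header.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
        found.append((PEM_TYPES.get(label, "unrecognised: " + label), encrypted))
    return "PEM", found

def problems(driver: str, data: bytes):
    """List the reasons a file does not match this page's rules for `driver`."""
    encoding, found = classify(data)
    issues = [t for t, _ in found if t.startswith("unrecognised")]
    x509_only = driver in ("IEC 61850", "MQTT", "OPC-UA (client)")
    if x509_only and any(t == "PKCS#7" for t, _ in found):
        issues.append("PKCS#7 is not supported; X.509 certificates only")
    if driver in ("IEC 61850", "MQTT") and encoding != "PEM":
        issues.append("file must be in PEM format")
    if driver == "OPC-UA (client)":
        if encoding == "PEM":
            issues.append("file must be in DER format")
        issues += ["encrypted key not supported: " + t for t, enc in found if enc]
    if not x509_only:  # the page's "other advanced drivers" group
        issues += [t + " is not supported; use PFX to encrypt the key"
                   for t, _ in found if t == "PKCS#8 encrypted private key"]
    return issues
```

An empty list means the file passed these checks; it does not validate the certificate or key contents.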

Further Information

For information about which certificate format and file types are supported by the device or application with which Geo SCADA Expert is to connect, please refer to the documentation provided with that device or application.