SSL Certificates for Driver Communications

WARNING

POTENTIAL SECURITY BREACH

We strongly recommend using network-connected Geo SCADA Expert drivers in a private network only (either physical or virtual). We recommend against using such drivers for communications over the public Internet. If the drivers are used over the public Internet, as a minimum those drivers should use valid SSL certificates to initiate secure connections and encrypt the data that is transmitted over the network.
Failure to follow these instructions can result in death, serious injury, or equipment damage. The breach in system security could expose sensitive data and leave the database vulnerable to unauthorized and potentially malicious use.

To enable some Geo SCADA Expert drivers to communicate more securely with another device or application, a valid SSL certificate is required. The certificate is used during the communications establishment phase to initiate a secure connection between Geo SCADA Expert and the other device. Once the certificate's credentials have been verified, the communications between Geo SCADA Expert and the other device or application are encrypted.

If an SSL certificate is required, this is specified in the driver-specific guides. If so, you should purchase a certificate from a trusted Certificate Authority and store that certificate securely. In order for Geo SCADA Expert to use the certificate, you need to import that certificate into the Geo SCADA Expert database. To do this, you need to:

  1. Create a suitable SSL Certificate database item. Choose whichever type of database item suits the required security setup:
    • SSL Certificate—Used to import a public certificate into the database. The driver can use this type of certificate to verify that the device or application to which it is connecting has a trusted certificate.
    • SSL Certificate and Key—Used to import a private certificate and matching private key into the database. This type of certificate enables the server to which Geo SCADA Expert is connecting to verify Geo SCADA Expert's identity.

    SSL Certificate database items are available from the Security branch of the Create New menu. The configuration Forms of the database items merely contain tabs of properties that are common to many database items (see SSL Certificate Database Items).

  2. Use the SSL Certificate database item to import and store the SSL certificate details in the database (see Import an SSL Certificate into the Database).
  3. Reference the SSL Certificate database item from the relevant driver-specific item. This type of database item varies per driver (see the driver-specific guide for details).

With a multi-server system that provides redundancy, you only need to import an SSL certificate into the database once; thereafter the imported certificate details are synchronized between the main and standby servers.

SSL certificates are referred to as 'digital certificates' in some third-party documentation.

NOTICE

LOSS OF COMMUNICATION

If Geo SCADA Expert is unable to establish a network connection with a device that uses an SSL certificate, check that the certificate is valid, has not expired, and has not been revoked. Perform these checks in addition to those that you would otherwise perform if Geo SCADA Expert is unable to establish a connection with a device.
Failure to follow these instructions can result in loss of communications between Geo SCADA Expert and the network-connected device.
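
The expiry check named in the notice above, and the certificate/key pairing that an 'SSL Certificate and Key' item depends on, can be tested on the PEM files before they are imported. The script below is an added example, not part of the Geo SCADA Expert documentation or tooling: the function names are hypothetical, it assumes the `openssl` command-line tool and an unencrypted PEM private key, and it does not cover revocation, which needs the issuing CA's CRL or OCSP service.

```bash
#!/usr/bin/env bash
# Added example: offline checks on PEM files before importing them.
# Assumes the openssl CLI and an unencrypted PEM private key.

# Constructed sample input: throwaway self-signed certificate and key in DIR.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=device.example.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# cert_not_expired CERT [SECONDS]: true if CERT parses and is still within
# its notAfter date SECONDS from now (default 0, i.e. right now).
# Note: -checkend does not test the notBefore date.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: true only if KEY's public half equals the
# public key in CERT. Returns 2 if either file cannot be parsed.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# preimport_check CERT [KEY]: report which database item type the files suit.
preimport_check() {
    local cert="$1" key="${2:-}"
    if ! cert_not_expired "$cert"; then
        echo "FAIL: certificate expired or unreadable"; return 1
    fi
    if [ -z "$key" ]; then
        echo "OK: SSL Certificate"; return 0
    fi
    if ! key_matches_cert "$cert" "$key"; then
        echo "FAIL: private key does not match certificate"; return 1
    fi
    echo "OK: SSL Certificate and Key"
}
```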

Geo SCADA Expert 2020