Security Tab

The Security Tab shows the security relevant settings for the driver. With the exception of the password, the settings applied here will be saved to the corresponding element on the internal datapoint _IEC61850_IED in the structure .Config.Security. See also the Description of the internal datapoint.

Figure 1. Security Tab
Note: The buttons next to the fields for the certificate names open either the default directory (WinCC_OA_Proj\data\IEC61850\cert) or the directory set with the config entry [iec61850]certPath. From there, choose the required certificate.

General

Authentication

Sets the type of encryption used for the connection. Available options:

  • None: The communication is not encrypted.
  • Password: The communication is not encrypted. The password will be saved encrypted on the internal datapoint, but sent as plain text.
  • TLS + Password: The communication between client and server is encrypted using TLS. The use of a password is optional.

Password

This entry is optional. The password is saved encrypted on the internal datapoint element .Config/Password.

TLS Method

Sets the TLS/SSL protocol version. This must match the protocol version used by the corresponding server. Available methods:

  • TLSv1
  • TLSv1.1
  • SSLv2
  • SSLv3
  • SSLv2and3

CA file path

File containing the certificates of the Certificate Authority (CA certificates). Can be selected using the button next to the field.

CRL file path

The Certificate Revocation List (CRL) of the Certificate Authority. Can be selected using the button next to the field.

Ciphers

The OpenSSL cipher suite string. If the field is left empty, the following string is used: "TLSv1:TLSv1.1:TLSv1.2:SSLv3:!SSLv2:!aNULL:!eNULL:!CAMELLIA:!EXPORT40:!EXPORT56:@STRENGTH"
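The following script is an added example, not part of WinCC OA or the IEC 61850 driver. It parses a string in OpenSSL cipher-list syntax (the format the Ciphers field takes), applies the documented rule that an empty field means the driver default, and reports weak cipher groups that are still selected or not explicitly excluded. The weak-keyword table and the list of required exclusions are the example's own choices; the keywords themselves (SSLv3, aNULL, eNULL, RC4, MD5, DES, 3DES, EXPORT, @STRENGTH) are OpenSSL's. Note that cipher-list keywords such as SSLv3 or TLSv1 select cipher suites but do not restrict the protocol version; the TLS Method setting above does that.

```python
"""Audit an OpenSSL cipher-suite string of the kind entered in the Ciphers
field (constructed example; not code from WinCC OA or the IEC 61850 driver).
Implements only the OpenSSL cipher-list syntax: keywords separated by ':',
',' or whitespace; '!' and '-' remove a group, '+' moves it to the end,
'A+B' selects suites in both groups, '@STRENGTH' / '@SECLEVEL=n' are
modifiers."""
import re

# Default the driver uses when the Ciphers field is empty (from the page).
DRIVER_DEFAULT = ("TLSv1:TLSv1.1:TLSv1.2:SSLv3:!SSLv2:!aNULL:!eNULL:!CAMELLIA"
                  ":!EXPORT40:!EXPORT56:@STRENGTH")

# Keyword groups that should not stay enabled on a substation link, with the
# reason reported to the operator. Keyword names are OpenSSL's; the selection
# of what counts as weak is this example's own.
WEAK = {
    "SSLv2":  "SSLv2 suites (protocol broken)",
    "SSLv3":  "SSLv3 suites (POODLE, protocol deprecated)",
    "aNULL":  "anonymous key exchange, no server authentication",
    "eNULL":  "NULL encryption, payload sent in plaintext",
    "RC4":    "RC4 stream cipher",
    "MD5":    "MD5-based MACs",
    "DES":    "single DES",
    "3DES":   "triple DES (Sweet32)",
    "EXPORT": "export-grade ciphers",
    "LOW":    "low-strength suites",
}
# Umbrella keywords (ALL, DEFAULT, HIGH, TLSv1, ...) expand differently on
# each OpenSSL version, so the audit asks for explicit '!' exclusions of
# these groups instead of guessing what an umbrella expands to on the peer.
REQUIRED_EXCLUSIONS = ("aNULL", "eNULL", "SSLv2", "SSLv3",
                       "RC4", "MD5", "DES", "3DES")


def effective_cipher_string(field_value):
    """Mirror the documented behaviour: an empty field means the driver default."""
    return field_value.strip() or DRIVER_DEFAULT


def parse_cipher_string(spec):
    """Split a cipher list into (selected, excluded, modifiers).

    'selected' keeps first-appearance order. '!' and '-' both land in
    'excluded'; the difference (permanent vs. re-addable) does not matter
    for an audit.
    """
    selected, excluded, modifiers = [], set(), []
    for token in re.split(r"[:,\s]+", spec.strip()):
        if not token:
            continue
        if token.startswith("@"):
            modifiers.append(token.upper())
        elif token[0] in "!-":
            excluded.add(token[1:])
        else:
            if token.startswith("+"):
                token = token[1:]          # '+' only moves suites to the end
            for part in token.split("+"):  # 'A+B' selects suites in both groups
                if part and part not in selected:
                    selected.append(part)
    return selected, excluded, modifiers


def audit_cipher_string(field_value):
    """Return a list of findings for the string the driver will actually use.

    An empty list means nothing was flagged. Order: weak groups selected
    outright, then missing exclusions, then ordering modifier.
    """
    spec = effective_cipher_string(field_value)
    selected, excluded, modifiers = parse_cipher_string(spec)
    findings = []
    for kw in selected:
        if kw in WEAK and kw not in excluded:   # an explicit '!' wins in OpenSSL
            findings.append(f"{kw} enabled: {WEAK[kw]}")
    for kw in REQUIRED_EXCLUSIONS:
        if kw not in excluded and kw not in selected:  # selected ones already reported
            findings.append(f"{kw} not excluded: {WEAK[kw]}")
    if "@STRENGTH" not in modifiers:
        findings.append("@STRENGTH missing: suites not ordered by key length")
    return findings


if __name__ == "__main__":
    HARDENED = "HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3:!RC4:!MD5:!DES:!3DES:!EXPORT:@STRENGTH"
    for label, value in (("driver default (empty field)", ""), ("hardened", HARDENED)):
        print(f"== {label}")
        for finding in audit_cipher_string(value) or ["no findings"]:
            print("  ", finding)
```

The audit deliberately does not expand umbrella keywords itself, because that expansion depends on the OpenSSL build on each host. To see the concrete suite list a string produces on a given machine, run `openssl ciphers -v '<string>'` there and compare it with what the server side accepts.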

CA verify depth

The maximum depth of the certificate chain that is verified against the CA file. Allowed values are 0-99999.

MMS

Cert path

The Certificate for the MMS encryption. Can be selected using the button next to the field.

Common name

The MMS common name. The server expects this name in the MMS certificates it receives. The name is saved in clear text on the internal datapoint.

Key file path

The Private Key for the MMS encryption. Can be selected using the button next to the field.

Key pass

The passphrase for decrypting the Private Key. Saved encrypted on the internal datapoint.

TLS

Cert path

The Certificate for the TLS encryption. Can be selected using the button next to the field.

Common name

The TLS common name. The server expects this name in the TLS certificates it receives. The name is saved in plain text on the internal datapoint.

Key file path

The Private Key for the TLS encryption. Can be selected using the button next to the field.

Key pass

The passphrase for decrypting the Private Key. Saved encrypted on the internal datapoint.

Renegotiation count

The maximum number of MMS messages exchanged before the encryption of the connection is reverified (renegotiated).

Renegotiation timeout

The maximum time in seconds before the encryption of the connection is reverified (renegotiated).