All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized
except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or
trademark registration.
This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may be
photocopied, reproduced or translated to another language without the prior written consent of RuggedCom Inc.
Disclaimer Of Liability
Siemens has verified the contents of this manual against the hardware and/or software described. However, deviations between the product
and the documentation may exist.
Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing,
performance, or use of this material.
The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. We
appreciate any suggested improvements. We reserve the right to make technical improvements without notice.
Registered Trademarks
ROX™, Rugged Operating System On Linux™, CrossBow™ and eLAN™ are trademarks of Siemens AG. ROS® is a registered trademark of
Siemens AG.
OpenNMS® is a registered trademark of The OpenNMS Group, Inc.
Microsoft Windows XP and Microsoft Windows 7 are registered trademarks of Microsoft Corporation in the United States and other countries.
Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of the
owner.
Security Information
Siemens provides automation and drive products with industrial security functions that support the secure operation of plants or machines.
They are an important component in a holistic industrial security concept. With this in mind, our products undergo continuous development.
We therefore recommend that you keep yourself informed with respect to our product updates. Please find further information and newsletters
on this subject at: http://support.automation.siemens.com.
To ensure the secure operation of a plant or machine it is also necessary to take suitable preventive action (e.g. cell protection concept) and
to integrate the automation and drive components into a state-of-the-art holistic industrial security concept for the entire plant or machine.
Any third-party products that may be in use must also be taken into account. Please find further information at:
http://www.siemens.com/industrialsecurity.
Contacting Siemens
Address
Siemens AG
Industry Sector
300 Applewood Crescent
Concord, Ontario
Canada, L4K 5C7
ROS (v3.12.1 and later) and ROX can accept SSL certificates and SSH keys created
externally. This document, along with some useful scripts developed by Siemens, is intended to help users
working with Microsoft Windows® generate their own keys and certificates for their ROS and/or ROX devices.
The Microsoft Windows operating system has a Certificates Management console. However, the way it creates
and exports keys is not well suited to ROS/ROX purposes. A separate key and certificate generation
application is required.
There are many free, open source applications, such as OpenSSH and PuTTYgen, that can create keys and
certificates. The instructions in this document use OpenSSL, a free cryptography toolkit, to generate both SSH
and SSL keys, as well as SSL certificates.
ROS and ROX will accept self-signed certificates or certificates signed by a Certificate Authority (CA). The
procedure in this document sets up the Windows machine as a Certificate Authority (CA) and uses it to sign certificates.
IMPORTANT!
If a Certificate Chain of Trust is implemented in the organization, the steps normally performed
are creating the private key and creating the Certificate Signing Request (CSR).
The CSR files are then submitted to the appropriate department to be signed by
a CA. Once the certificate is issued, it is uploaded to the device in the required format. When
certificates are self-signed, the trust (identity establishment) part of SSL cannot work, because each
server is essentially its own CA. For security, it is recommended that a proper Chain of
Trust be implemented for SSL.
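The workflow described in the note above (private key, CSR, CA signature), shown as an added example with plain OpenSSL commands in PowerShell; it is not one of the Siemens scripts. The openssl.exe path under C:\OpenSSL\bin, the working folder, subject names, key size and validity periods are assumptions, and the file format a ROS or ROX device requires for upload is not covered here.

```powershell
# Added example (not a Siemens script). Assumed: openssl.exe under C:\OpenSSL\bin;
# subjects, file names, key size and validity are placeholders.
$openssl = 'C:\OpenSSL\bin\openssl.exe'
$work = Join-Path $env:TEMP 'pki-demo'
New-Item -ItemType Directory -Force -Path $work | Out-Null
Set-Location $work

# Minimal config so "req" does not depend on a system-wide openssl.cnf.
@'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
'@ | Set-Content -Encoding ASCII req.cnf

function Invoke-OpenSsl {
    # Run openssl.exe with the given arguments and stop on a non-zero exit code.
    & $openssl @args
    if ($LASTEXITCODE -ne 0) { throw "openssl $($args[0]) failed" }
}

# 1. CA: private key plus self-signed CA certificate (the trust anchor).
Invoke-OpenSsl genrsa -out ca.key 2048
Invoke-OpenSsl req -new -x509 -sha256 -days 3650 -config req.cnf `
    -key ca.key -subj '/CN=Example-Plant-CA' -out ca.crt

# 2. Device: private key and CSR. Only the CSR is handed to the CA.
Invoke-OpenSsl genrsa -out device.key 2048
Invoke-OpenSsl req -new -sha256 -config req.cnf `
    -key device.key -subj '/CN=switch01.example.test' -out device.csr

# 3. CA signs the CSR and issues the device certificate.
Invoke-OpenSsl x509 -req -sha256 -days 365 -in device.csr `
    -CA ca.crt -CAkey ca.key -CAcreateserial -out device.crt

# 4. Check: issuer must be the CA, and the chain must verify against ca.crt.
Invoke-OpenSsl x509 -in device.crt -noout -subject -issuer
$result = & $openssl verify -CAfile ca.crt device.crt
if (-not ($result | Select-String ': OK')) { throw "chain verification failed: $result" }
$result
```

The key files in this example are written unencrypted, so restrict access to the working folder and keep ca.key off the devices themselves.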
Chapter 1
Introduction
This document describes:
• How to generate SSL certificates and SSH keys for ROS using Siemens scripts
• How to generate SSL keys and certificates for ROX using Siemens scripts
• How to import certificates on Windows machines so the SSL certificates provided by these devices can be
verified properly
RUGGEDCOM
Application Note
Chapter 2
Installing OpenSSL on Windows
To install OpenSSL on Windows, do the following:
1. Download the OpenSSL Setup program (without sources) for Windows from
http://gnuwin32.sourceforge.net/packages/openssl.htm.
2. Double-click the downloaded file and install OpenSSL. During the installation process, change the installation
directory to C:\OpenSSL\. This is essential for the scripts to generate the certificates and keys properly.
Chapter 3
Installing the Scripts
To install the scripts, extract the contents of the Zip file (AN22.zip) obtained from Siemens into an appropriate
location on the script machine (the computer/server that hosts the scripts). A folder titled RCKeyGen will be
placed in the chosen location.