Secure Web server access - RTU500 series Remote Terminal Unit - Certificate handling
7-4 | 1KGT 150 924 V000 1 - ABB AG

Figure 88: HTTPS access to an RTU Web server

The default Web server certificates used by the RTU500 series are self-signed and not issued by a certification authority (CA). As a result, a current web client shows a warning message concerning the missing CA if the Web server is accessed with HTTPS. To avoid this warning message, a trusted external certificate must be configured and uploaded to the RTU500 series.

If the Web server is configured for HTTPS, standard access is no longer possible. When a client attempts standard access, the Web server redirects it to the secure pages of the RTU500 series Web server.

If the Web server is not configured for HTTPS, secure access is still possible. There are no restrictions in this case apart from the possible warning message caused by the self-signed certificate.

See chapter "RTUtil500 configuration" for configuration and chapter "External certificate" for the upload of external certificates.

7.3 Certificate handling

For encryption and secure identification, HTTPS uses public key certificates that bind a public key to an identity (information such as the name of an organization, its address and so on). The certificate is used to verify that a public key belongs to an identity. With HTTPS, the Web server presents the certificate to the web client, giving the client the public key and the identity of the server.

This requires a public/private key pair and a corresponding public key certificate for the RTU. There are two possibilities: either the self-signed certificates generated by the RTU500 series firmware are used, or a trusted, externally generated certificate is uploaded to the RTU. When uploading, a certificate must be available for each CMU because the Web server can be accessed on any CMU. Further information about the self-signed and externally generated certificates can be found in the following two chapters.

7.3.1 Self-signed certificate

In the default setup the RTU500 series Web server uses self-generated and self-signed public key certificates for encryption and secure identification. As explained above, the certificate consists of a public/private key pair and an identity information. The key pair and the certificate are generated by the RTU firmware and stored in the internal flash of the CMU (not on the memory card).
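
The difference between the two certificate types in 7.3, as an added example that is not taken from the ABB manual: it uses the openssl command line to build a self-signed certificate and one certificate per CMU issued by a throwaway private CA, then runs the trust check a web client performs. The names demo-ca, rtu-default, cmu1.example and cmu2.example are constructed placeholders, and the RTU500 upload format is not covered here.

```shell
#!/bin/sh
# Constructed demo: every name below is a placeholder, not an RTU500 value.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed: the certificate is signed with its own private key.
make_self_signed() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Private CA standing in for the trusted external issuer (assumption).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# CA-issued: key pair and CSR for one CMU, signed by the CA.
make_ca_signed() {  # $1 = name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
        -out "$WORK/$1.crt" 2>/dev/null
}

# Client-side check: does the certificate chain to a CA the client trusts?
is_trusted() {  # $1 = name
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Self-signed certificates carry identical subject and issuer names.
is_self_signed() {  # $1 = name
    [ "$(openssl x509 -in "$WORK/$1.crt" -noout -subject | sed 's/^subject=//')" = \
      "$(openssl x509 -in "$WORK/$1.crt" -noout -issuer | sed 's/^issuer=//')" ]
}

make_ca
make_self_signed rtu-default
# One certificate per CMU, since the Web server is reachable on any CMU.
for cmu in cmu1.example cmu2.example; do make_ca_signed "$cmu"; done

for c in rtu-default cmu1.example cmu2.example; do
    is_self_signed "$c" && kind=self-signed || kind=CA-issued
    is_trusted "$c" && trust=trusted || trust="untrusted (client warns)"
    echo "$c: $kind, $trust"
done
```

The client only stops warning once the issuing CA certificate is in its trust store, which is what `-CAfile` models here.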