Example: Http Over Tls - Siemens SIMATIC S7-1500 Function Manual

3.6.6

Example: HTTP over TLS

The following paragraphs show how the mechanisms described are used to establish a
secure communication between a Web browser and the Web server of an S7-1500 CPU.
Initially the changes for the "Permit access only with HTTPS" option in STEP 7 are
described. As of STEP 7 V14 you have the possibility to influence the server certificate of the
Web server of an S7-1500 CPU as of firmware V2.0: The server certificate is generated as of
these versions with STEP 7.
In addition it illustrates the processes that are executed when a website of the CPU Web
server is called with a Web browser of a PC through an encrypted HTTPS connection.
Using Web server certificates for S7-1500 CPUs, FW V2.0 or higher
For S7-1500 CPUs with a firmware version before V2.0, you were able to set "Permit access
only with HTTPS" when setting the Web server properties, without specific requirements
applying.
You did not have to handle certificates for these CPUs; the CPU automatically generates the
certificates required for the Web server.
For S7-1500 CPUs as of firmware V2.0, STEP 7 generates the server certificate (end-entity
certificate) for the CPU. You assign a server certificate to the Web server in the properties of
the CPU (Web server > Security).
Because a server certificate name is always preset, there is no change to the easy
configuration of the Web server: You activate the Web server. The "Permit access only with
HTTPS" option is enabled by default - STEP 7 generates a server certificate with the default
name during compiling.
Irrespective of whether you use the certificate manager in the global security settings or not:
STEP 7 has all the information required to generate the server certificate.
In addition, you have the possibility to determine the properties of the server certificate, for
example, the name or the validity period.
Communication
Function Manual, 11/2019, A5E03735815-AH
Communications services
3.6 Secure Communication
53