
Using custom certificates in Industrial Edge Devices

During the onboarding process of an Industrial Edge Device (IED), a certificate is automatically generated for the device’s specific IP address. To secure communication between the browser and the IED, the user should import this certificate into the operating system’s or browser’s trust store. To eliminate this manual step, the device can instead use a certificate signed by a trusted authority - either a private Certificate Authority (CA) or a public CA. You can import the certificates and the private key via the IED UI.

Prepare the certificates

Obtain the necessary certificates from your issuing authority. Ensure both the private key and the public certificate are in the correct format:

  • Certificate: The certificate should be in PEM format with a .crt file extension.
  • Key: The private key must be PEM formatted as well, with a .key file extension, utilizing the RSA algorithm. A key size greater than 4096 bits is recommended for enhanced security.
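
The requirements above, together with the optional DNS name entered during import, can be checked locally before uploading. The following script is an added example and not part of the original page; it assumes the openssl CLI is installed, and the function names, file names and the host name ied.example.test are hypothetical. The sample pair is constructed, and the script treats a passphrase-protected key as a failure, which is an assumption.

```sh
#!/bin/sh
# Added example: pre-import checks for an IED certificate/key pair (uses the openssl CLI).
MIN_BITS=4096  # assumption: warn when the RSA key is smaller than this

check_ied_pair() (  # usage: check_ied_pair CERT.crt KEY.key [DNS_NAME]
  cert=$1 key=$2 dns=${3:-} rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }
  case $cert in *.crt) ;; *) fail "certificate file should end in .crt" ;; esac
  case $key in *.key) ;; *) fail "key file should end in .key" ;; esac
  # PEM check: armor header is present and openssl can parse the body.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null &&
    openssl x509 -in "$cert" -noout 2>/dev/null || fail "certificate is not PEM X.509"
  # 'openssl rsa' rejects non-RSA keys; the empty -passin avoids a passphrase prompt.
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null &&
    openssl rsa -in "$key" -passin pass: -check -noout >/dev/null 2>&1 ||
    fail "key is not a readable PEM RSA private key"
  # The certificate and the key must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || fail "certificate and key do not match"
  # Key size is reported as a warning only, since the page words it as a recommendation.
  bits=$(openssl rsa -in "$key" -passin pass: -noout -text 2>/dev/null |
         sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
  [ "${bits:-0}" -ge "$MIN_BITS" ] || echo "WARN: RSA key is ${bits:-?} bits, below $MIN_BITS" >&2
  # DNS-based setup: the name entered in the import dialog must be covered by the certificate.
  if [ -n "$dns" ]; then
    openssl x509 -in "$cert" -noout -checkhost "$dns" 2>/dev/null |
      grep -q 'does match' || fail "certificate does not cover DNS name $dns"
  fi
  [ "$rc" -eq 0 ]
)

# Constructed sample input: a throwaway self-signed pair (2048 bits to keep the demo fast).
make_sample_pair() {  # usage: make_sample_pair DIR DNS_NAME
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2" -keyout "$1/ied.key" -out "$1/ied.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_pair "$tmp" ied.example.test
check_ied_pair "$tmp/ied.crt" "$tmp/ied.key" ied.example.test && echo "pair is ready for import"
rm -rf "$tmp"
```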

Update the gateway certificates of the IED

  1. Log in to the Industrial Edge Device

  2. Navigate to Settings > System

  3. Select Import Edge Device Certificate
    Import Edge Device Certificate

  4. Browse and select the public certificate and private key

  5. (Optional) When using a DNS-based setup, select the checkbox DNS Based Certificate (Optional) and input the DNS name of the IED. This configuration allows connectivity to be established using the DNS name.
    Import Edge Device Certificate - Provide DNS Name

  6. Click Import
    The certificate of the IED will be updated.

NOTICE

For more information refer to Certificates in Industrial Edge.