Installing the Client certificate

The client certificates can be installed in the clients that are to gain access to the system. First, the certificate must be exported as a PFX file.

  1. Open the TwinCAT HMI Configuration window and select the category Client certificates.
  2. Right-click on the desired certificate and select the entry Export PFX (client part) ...:
    Installing the Client certificate 1:

The exported certificate can then be installed on the target systems that are to authenticate themselves using the certificate.

Installing the Client Certificate in a Browser

The following steps show the integration of a client certificate into a browser using the example of the "Google Chrome" browser. Integration is performed in the same way with other browsers.

1. Copy the exported certificate to the target system.
2. Open the browser on the target system.
3. Open the settings of your browser.
4. Open the advanced settings and select Manage certificates.
5. Select the Import item:
Installing the Client certificate 2:
6. Click Next in the following wizard:
Installing the Client certificate 3:
7. Then click on Browse and select the certificate:
Installing the Client certificate 4:

You may have to switch to the PFX format in the Browse dialog:
Installing the Client certificate 5:
8. After selecting the certificate, click Next.
9. The following dialog can be confirmed without entering a password with the default settings by clicking on Next:
Installing the Client certificate 6:
10. Select the area Personal and click on Next:
Installing the Client certificate 7:
11. Confirm the import by clicking on Finish:
Installing the Client certificate 8:
This concludes the installation.

Open Client

Start the browser and open the HMI via the IP address of the server. When you access the server using a client certificate for the first time, the dialog that offers the selection of a client certificate is opened in the browser. Select your certificate there:

Installing the Client certificate 9:

Access to the HMI is then granted. If the client certificate has been assigned to a user, this user is logged in automatically and the HMI is loaded. Otherwise you have to authenticate yourself with username and password.

Installing the Client certificate 10:

Communication with the server must be encrypted using HTTPS if you are using a client certificate.

Error handling

If you have already worked with client certificates before, it may happen that the browser skips the query for a client certificate and access to the HMI is not granted. In this case, you can clear the browser cache and restart the browser. The browser should then query the client certificate and access the HMI.