Requesting an HTTPS certificate

The HTTPS server used by Beckhoff industrial PCs is the Internet Information Services (IIS) server, which is delivered with Windows. Typically, for the IIS server, a certificate authority (CA) provides installation instructions on how to install a certificate issued by it. The certificate authority even provides instructions on how to apply for the certificate. Please primarily follow the instructions of the certificate authority. This is especially true if you use a software instance within your own Windows domain for certification. Otherwise, step-by-step instructions follow.

First, you must use the IIS Manager on your industrial PC to create a Certificate Signing Request (CSR) and forward the certificate request to the certificate authority according to its instructions. The certificate authority will then provide you with the server certificate and the intermediate certificates to create a certificate signing request

Proceed as follows:

1. Open the Internet Information Services (IIS) Manager on your industrial PC as administrator.

2. Select your web server from the Connections menu on the left and double-click Server Certificates.
Requesting an HTTPS certificate 1:

3. In the Actions section, select Create Certificate Request and fill out the forms according to your requirements.
Requesting an HTTPS certificate 2:

4. For compatibility reasons, the fully qualified DNS name via which your industrial PC can be reached by clients must be entered in the Common name field. If there is no DNS name, the IP address can also be used. Generally, it must be the name or IP address that your customers use in their applications when making requests in the URL. If you need to specify alternative IP addresses or DNS names, ask your certificate authority to enter them as an extension (Subject Alternative Name) of the certificate it issued. Such an extended request is made in this case in a different way than with the CSR.
Requesting an HTTPS certificate 3:

5. You should consider creating a strong key according to your needs. RSA with 1024 bits is no longer considered to be strong.
Requesting an HTTPS certificate 4:

Save the CSR file and send it to the certificate authority. As soon as you receive a response from the certificate authority, the next step is to import the certificate (see: Importing the certificate).