Module signing

TwinCAT C++ modules must be signed with a certificate so that they can be executed.

The signature ensures that only C++ software whose origin can be traced is executed on productive systems.

The C++ modules are loaded by the TwinCAT runtime system and must be signed with a TwinCAT user certificate.

For test purposes, certificates that cannot be verified can be used for signing. However, this is only possible if the operating system is in test mode so that these certificates are not used on productive systems.

Module signing 1:

Engineering requires no signing

Only the execution requires certificates - the engineering does not.

Organizational separation of development and production software

Beckhoff recommends working organizationally with (at least) two certificates.

  1. A certificate which is not countersigned, thus the test mode is needed for the development process. This certificate can also be issued individually by each developer. The test systems are then set to test mode.
  2. Only the software that has passed the corresponding final tests is signed by a countersigned certificate. This software can thus also be installed on machines and delivered.

Such a separation of development and operation ensures that only tested software runs on productive systems.

Further Information
See also