Certificates provided by the customer (CA with certificates)

The configuration of certificates provided by the customer takes place via an entry in the route configuration.

To do this, the following entries can be made in the file C:\TwinCAT\3.x\Target\StaticRoutes.xml:

<?xml version="1.0"?>
<TcConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RemoteConnections>
    <Server>
      <Tls IgnoreCn="true"> <!-- see below -->
        <Ca>C:\TwinCAT\3.1\Target\CACerts\rootCA.pem</Ca>
        <Cert>C:\TwinCAT\3.1\Target\CACerts\ipc.crt</Cert>
        <Key>C:\TwinCAT\3.1\Target\CACerts\ipc.key</Key>
      </Tls>
    </Server>
  </RemoteConnections>
</TcConfig>

Saved changes are accepted when the TwinCAT router is initialized, which takes place, for example, during the transition RUN->CONFIG or CONFIG->CONFIG.

The certificates are X.509 certificates, which can be generated, for example, with OpenSSL. If the key (XML element <Key>) is to be protected by a password, the password can be specified via the XML element <KeyPwd>. The .der and .pem formats are supported.

The "CommonName" of the certificate must correspond to the name used when establishing the connection (XML element <Name>). This behavior can be deactivated with the option IgnoreCn="true".
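
The OpenSSL generation and the CommonName rule described above, as an added example that is not part of the original page or Beckhoff's own code: it builds a test CA and one device certificate whose CN equals the route name, then checks chain, key and CN so that IgnoreCn does not have to be set. Key type and size, validity periods, the CA subject and the name IPC-EXAMPLE are assumptions.

```shell
#!/bin/sh
# Added example, not Beckhoff code. Assumptions: RSA 2048, SHA-256, the validity
# periods, the CA subject and the name IPC-EXAMPLE are illustrative choices.
# The key is written unencrypted; an encrypted key needs <KeyPwd> in the route.

# make_ca DIR: create rootCA.key and a self-signed rootCA.pem in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Plant Root CA" \
        -keyout "$1/rootCA.key" -out "$1/rootCA.pem" 2>/dev/null
}

# make_device_cert DIR NAME: key and CSR with CN=NAME, signed by the CA in DIR.
make_device_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/ipc.key" -out "$1/ipc.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/ipc.csr" -sha256 -days 825 \
        -CA "$1/rootCA.pem" -CAkey "$1/rootCA.key" -CAcreateserial \
        -out "$1/ipc.crt" 2>/dev/null
}

# cert_cn FILE: print the CommonName from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# check_route_cert CA CERT KEY NAME: print "ok", or the first failed check:
#   chain = CERT not issued by CA, key = KEY does not belong to CERT,
#   cn    = CommonName differs from the route <Name>.
check_route_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo chain; return 1; }
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] || { echo key; return 1; }
    [ "$(cert_cn "$2")" = "$4" ] || { echo cn; return 1; }
    echo ok
}

# Demo in a scratch directory; IPC-EXAMPLE stands in for the route <Name>.
d=$(mktemp -d) && make_ca "$d" && make_device_cert "$d" IPC-EXAMPLE &&
    check_route_cert "$d/rootCA.pem" "$d/ipc.crt" "$d/ipc.key" IPC-EXAMPLE
```

Running the same check on both sides of the route before a router restart shows which of the three conditions fails, rather than only a refused connection.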

If both sides have suitable certificates of a common CA, the route can be created without further information using this dialog:

[Figure: Certificates provided by the customer (CA with certificates) 1]

As described under Server, a specific route is created on both sides as a result of this.