Creating the "OEM Certificate Request File"
 | TwinCAT OEM certificates are only issued for existing Beckhoff customers. Please get in touch with your Beckhoff sales contact for further information. |
| System requirements - Min. TwinCAT 3.1 Build 4024 |
| Do not use special characters (ä, é, ...) for company name and password! The algorithm for processing the OEM certificate in TwinCAT cannot process special characters. |
Order numbers for TwinCAT OEM certificates
TC0007: TwinCAT OEM Certificate Standard (TwinCAT Software Protection)
TC0008: TwinCAT OEM Certificate Extended Validation (like TC0007, additionally signing of TwinCAT driver software created with TwinCAT 3 in C++)
- The Software protection configurator has been opened.
- 1. Select the Certificates tab.
- 2. Click Create New….
- The Create OEM Certificate input window opens.
- 3. Enter the required data for an "OEM Certificate Request File":
- Enter your company name in the OEM Name text field. The name must have a clear reference to your company or your business unit.
| Do not use special characters (ä, é, ...) for company name and password! The algorithm for processing the OEM certificate in TwinCAT cannot process special characters. |
- Enter a Unique Name. The "OEM Unique Name" must be a unique name that uniquely identifies the owner of the certificate worldwide, preferably the URL of your company's website or your email address. The email address must be a company email address, i.e. it must be possible to assign it unambiguously to a company.
- For a Standard certificate (TC0007), make sure that at most these two checkboxes are checked for the application area of the certificate:
- The current Crypto version (for the encrypted content of the certificate) is "2". You should only select the older Crypto version "1" if you want to use this certificate with TwinCAT 3.1 Build 4022.x.
Information: Crypto version "1" can only be selected for a Standard certificate (TC0007).
| Only valid for TwinCAT 3.1 Build 4024.0: creation of a User DB requires Crypto Version 1 In the TwinCAT version Build 4024.0, a user database for the TwinCAT Software Protection may only be created with an OEM certificate with Crypto version 1! |
- The checkbox "Sign TwinCAT C++ executables (*.tmx)" should only be checked for the purpose of applying for a certificate with "Extended Validation" (TC0008) that can be used for signing C++ executables generated with TwinCAT 3 (including Matlab/Simulink). This certificate version requires more complex validation of your contact data (and therefore more time) during the certificate ordering process and should therefore only be selected if you really need this option:
- A certificate with "Extended Validation" (TC0008) always requires Crypto version "2". (Please note: This certificate version cannot be used with TwinCAT 3 Build 4022.x!)
- 1. Once you have entered the data, click Start and select a directory to save the file. Important: You can simply accept the suggested directory "c:\twincat\3.1\customconfig\certificates". You need the newly created file in this directory in order to be able to read out the file fingerprint for this file in a subsequent step.
- A dialog for selecting a password for the OEM Private Key opens.
- 2. Issue a password for the OEM Private Key.
| Do not use special characters (ä, é, ...) for company name and password! The algorithm for processing the OEM certificate in TwinCAT cannot process special characters. |
| Important: Password security! Be sure to use a strong password for your OEM certificate! |
| Password cannot be restored if lost Beckhoff is unable to recover or reset your password. If you forget or lose the password for your OEM certificate, you can no longer use it and have to request a new OEM certificate. |
- 1. Confirm the password by entering it again and close the dialog with OK.
- The file is saved.
The "OEM Certificate Request File" generated in this way must now be signed by the Beckhoff certificate section in order to be valid. The procedure is described in chapter "Requesting an OEM certificate".