Control of access to the PLC source code

Prerequisite for using this function: Issue of a TwinCAT OEM certificate

System requirements

• TwinCAT 3 OEM certificate TC0007 (Crypto version 1 or 2)
• Operating system: at least Windows 10
• TwinCAT version: at least TwinCAT 3.1 Build 4024

Reliable protection only when using the latest TwinCAT 3 version For reliable protection (e.g. secure encryption), always use the latest TwinCAT 3 version. This provides the maximum security. Use at least TwinCAT 3.1 Build 4024.x. For security reasons, do not use an older version!

General notes

• Observe the general information regarding OEM certificates.
• The OEM certificate is only required once to create the User DB.
• Changes to the User DB only need to be signed by the administrator of the User DB (without using the OEM certificate).
• It is essential for the administrator of the User DB to have a strong password. Otherwise the User DB is easy to attack.
• The validity of the User DB is independent of the validity period of the OEM certificate. The User DB therefore remains valid even after the expiry of the validity period of the OEM certificate and can also be modified afterwards.
• Comments on the later extension of the certificate (after 2 years) can be found here Extending an OEM certificate.
• Important: store the password of the OEM certificate and the administrator of the User DB in a secure place. Beckhoff cannot restore the passwords if they are lost!
• The OEM certificate is not required on the target systems and should not be stored there for security reasons!