Creation of the Certificate Request file for TC0008

	System requirements - Min. TwinCAT 3.1 Build 4024 - Min. Windows 10 or TwinCAT/BSD (on the target system)

1. Call up the Software Protection configurator. To do this, select the menu item Software Protection in the main menu below the item TwinCAT:
Creation of the Certificate Request file for TC0008 2:

Creation of the Certificate Request file for TC0008 2:

2. In the window that opens, select the Certificates tab.
Click Create New....:
Creation of the Certificate Request file for TC0008 3:

3. The Create OEM Certificate input window opens:
Creation of the Certificate Request file for TC0008 4:

4. Enter the required data:

Enter your company name in the OEM Name text field. The name must have a clear reference to your company or your business unit.
Enter a Unique Name. The "OEM Unique Name" must be a unique name that uniquely identifies the owner of the certificate worldwide, preferably the URL of your company's website or your email address. The email address must be a company email address, i.e. it must be possible to assign it unambiguously to your company.
Check the checkbox Sign TwinCAT C++ executables:

If you only want to sign TwinCAT driver software with this certificate, uncheck the other two checkboxes. (These are only used in the PLC area)
Make sure that Crypto version 2 (for the encrypted content of the certificate content) is set. (standard setting)

5. Once you have entered the data, click Start and select a directory to save the file.
You can simply accept the suggested directory "c:\twincat\3.1\customconfig\certificates". You need the newly created file in this directory in order to be able to read out the "File Fingerprint" for this file in a subsequent step.

A dialog for selecting a password for the OEM Private Key opens.

6. Issue a password for the OEM Private Key.

	Important: Password security! Be sure to use a strong password for your certificate! Protect your password with suitable measures so that it cannot fall into unauthorized hands!

	Password cannot be restored if lost Beckhoff is unable to recover or reset your password. If you forget or lose the password for your certificate, you can no longer use it and have to request a new certificate.

7. Confirm the password by entering it again and close the dialog with OK.
Creation of the Certificate Request file for TC0008 8:

The file is saved.

The "Certificate Request File" generated in this way must now be signed by the Beckhoff certificate section in order to be valid. The procedure is described in chapter Requesting a certificate.