Configure Certificates from External Certificate Authorities for SCADA Web Configuration

You can configure certificates received from external Certificate Authorities (CA), such as VeriSign and DigiCert for the SCADA Web Configuration application.

Ensure that the certificate received from the CA can be used as an intermediate CA for signing other certificates.

To configure a certificate from an external CA:

1. Go to the path where CIMPLICITY is installed, and delete all the files in the ScadaConfigPki folder.
   Note: Before you delete the files in the ScadaConfigPki folder, prepare a backup of the files.
2. Copy the <RootCertificateName>.crt and <RootCertificateName>.key files from the CA and paste them into the ScadaConfigPki folder.
3. Access Command Prompt and enter the following command:

   cd <InstallationPath>

   For example:

   cd C:\Program Files (x86)\Proficy\Proficy CIMPLICITY

4. Enter the following command by specifying the RootCertificateName received from the CA:

   config_service_cert.bat <InstallationPath> <ConfigServicePortNumber> <UABrowseServicePortNumber> <RootCertificateName> <ServerCertificateName> <passphrase>

   For example:

   config_service_cert.bat "C:\Program Files (x86)\Proficy\Proficy CIMPLICITY\" 4855 4865 RootCA1 server_cert cimplicity

   A server certificate and private key is generated in the ScadaConfigPki folder and replicated to the nginx configuration folder.

5. Enter the names of the server certificate and private key in the server section of the nginx.conf file. For exanple:

   server {
    ???????????????????????????.. 
    ?????????????????????. 
    ssl_certificate server_cert.crt; 
    ssl_certificate_key server_cert.key 
    }

The external CA is now used as the root authority for the SCADA Web Configuration application.