2.5. Set up Relay/Dependent Server Secure Connection
To set up a secure connection between relay and dependent servers perform the following
steps:
- Trust the relay server from the dependent server.
- Copy the CIMPLICITY root certificate CimScadaConfigRootCA.crt
located at <installation_path>\Proficy\Proficy
CIMPLICITY\ScadaConfigPki from the relay server machine to the same
location on dependent server machine.Note: You must install CIMPLICITY server on Webspace dependent server to enable Webspace authentication. However, CIMPLICITY Viewer license would suffice.
- Copy the CIMPLICITY root certificate CimScadaConfigRootCA.crt
located at <installation_path>\Proficy\Proficy
CIMPLICITY\ScadaConfigPki from the relay server machine to the same
location on dependent server machine.
- Enter the Relay server and its admin credentials in the Dependent Server section of
CIMPLICITY Options to allow the Webspace Session Manager to trust CimView.
- Select the Dependant Server tab in the bottom section.
- In the Relay Server text box, enter the host name or fully qualified domain name of the relay server to which the dependent server will connect.
- Enter the user name and password set on the single/relay server in the Administrator Credentials section.
- Select the Test button. A success message appears if the dependent server is securely communicating with the relay server.
- Select Apply.
- Select Ok.
Note: Enter details only in the Dependent Server section. Do not enter any details in the
other sections of the Server tab.
Note: If you have dependent servers that are running the actual SCADA project and want to use
the Scada Web configuration to browse OPC UA Servers for staging points (Scada Web Config
uses the same certificate that you will be replacing), when you copy the certificate from
the relay server to the dependent server, you must:
- Rename the root certificate copied from the relay server. Example: Rename to 'CIMSCadaConfigRootCA_2.crt'.
- Update the certificate path in the client-configuration section of
webspace-session-manager.json file located at
<installation_path>\Proficy\Proficy
CIMPLICITY\webspace-session-manager\webspace-session-manager.json
Example:
"client-configuration" :{ "register-timeout-seconds" : 5, "relay-server-reverse-proxy-port" : "9443", "root-ca-certificate" : "..\\ScadaConfigPki\\CimScadaConfigRootCA_2.crt", "wsm-admin-password" : "AD2tSYUmQJ3l++ToAVBfF6nrCTRaPmgUhS3odSauoW0=", "wsm-admin-user" : "admin", "wsm-client-socket-port" : "4958", "wsm-hostname" : "localhost" },