Overview of the Certificate-based Security in Historian
Historian implements certificate-based security to strengthen the authentication mechanism and build trusted connections among the core Historian services. These connections use the Mutual Transport Layer Security (MTLS) protocol.
The core Historian services include:
- Data Archiver
- Client Manager
- Configuration Manager
- Diagnostic Manager
MTLS Configuration
Historian provides two command-line utilities that you use to configure or enable certificate-based authentication. These tools generate the certificate files used in the MTLS handshake. After configuring the certificate, you need to restart the Historian services manually.
The following sections describe how to configure your security settings:
- Install Certificates for Proficy Historian
- Install Proficy Historian Certificates on Different Computers
MTLS Binaries
To support MTLS, the Historian install media includes the following files. These files are located in the MTLS folder in the Proficy Historian install folder:
- CreateRootCertificate.exe
- MTLSCertificatesInstall.exe
- openssl.exe
- legacy.dll
- libcrypto-3-x64.dll
- libssl-3-x64.dll
- openssl.cnf
CreateRootCertificate.exe and MTLSCertificatesInstall.exe are the two command-line utilities for generating the certificates. The other binaries are the dependent components.
Location of MTLS Binaries
The following figure shows an example of the binaries folder for the MTLS feature when Proficy Historian 2023 is installed on the “C” drive: