Communication encryption for CODESYS WebVisu
To keep the communication between a CODESYS-compatible controller that supports CODESYS WebVisu and an internet browser on a PC or mobile device from being hacked, an encrypted HTTPS connection is available. It protects the integrity of the displayed data.
What is needed to publish an SSL-encrypted web visualization with the Raspberry Pi or any CODESYS PLC of version >= 3.5 SP5?
For example, you want access from the internet to your home, where your Pi WebVisu is running.
For this you need an official SSL certificate.
If you do not have an official certificate, I would prefer a VPN connection; additionally, password/user management is needed in any case.
For testing purposes you can generate an SSL certificate yourself to see how SSL WebVisu is established/activated.
On the Pi runtime side there is the setting 'ConnectionType':
HTTP_ONLY, /* = 0 */ --> access your visu by http://RaspiIpAdress:8080/webvisu.htm
HTTPS_ONLY, /* = 1 */ --> access your visu by https://RaspiIpAdress:443/webvisu.htm
HTTP_AND_HTTPS, /* = 2 */ --> access your visu by http://RaspiIpAdress:8080/webvisu.htm
REDIRECT_HTTP_TO_HTTPS /* = 3 */ --> access your visu by http://RaspiIpAdress:8080/webvisu.htm; it will be redirected to https://localhost:443/webvisu.htm
For testing purposes you can generate a certificate on the Pi with the following bash script (attached).
Copy it to the Pi (this can be done with the CODESYS PLC file browser), then connect to the Pi by SSH (PuTTY) and execute the script (after making it executable with chmod +x generateKeys.sh).
The generation process takes some time, so be patient.
After the long key generation process and a restart of the PLC, you can connect to the WebVisu over an SSL-encrypted connection.
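#!/bin/bash
# generate a 2048-bit RSA private key
openssl genrsa -out server.key 2048
# create a certificate signing request (prompts for the subject fields)
openssl req -new -key server.key -out server.csr
# self-sign the request with the same key: SHA-256, valid for 365 days
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
# print the certificate fingerprint
openssl x509 -noout -in server.crt -fingerprint
# generate Diffie-Hellman parameters (the slow step);
# note that 1024-bit DH parameters are considered weak today
openssl dhparam -outform pem -out dhparams.pem 1024
# copy the generated key to the runtime location
echo "make dirs"
mkdir -p /root/PKI/cert /root/PKI/private
echo "move certificate"
mv server.crt /root/PKI/cert/server.cer
echo "move key"
mv server.key /root/PKI/private/
echo "move dhparams"
mv dhparams.pem /root/PKI/private/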
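Before restarting the PLC, the generated files can be checked for the usual mistakes (mismatched key, short validity, world-readable key). This is an added example, not part of the original post or of CODESYS; the function names and the 30-day and 2048-bit thresholds are assumptions, and the default paths are the ones the script above moves the files to.

```shell
#!/bin/bash
# Added example: checks for the files written by generateKeys.sh.
# Function names and thresholds (30 days, 2048 bit) are assumptions.

# True if the certificate and the private key hold the same public key.
cert_matches_key() {   # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Print the size of the certificate's public key in bits.
cert_key_bits() {   # $1 = certificate
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True if group and others have no permission bits on the key file.
key_is_private() {   # $1 = private key
    case "$(ls -ld "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Run all checks; paths default to where the script above puts the files.
check_webvisu_pki() {   # optional: $1 = certificate, $2 = private key
    cert=${1:-/root/PKI/cert/server.cer}
    key=${2:-/root/PKI/private/server.key}
    rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: certificate and key do not match"; rc=1; }
    cert_valid_for_days "$cert" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    key_is_private "$key" || { echo "FAIL: key is accessible to group/others"; rc=1; }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: public key shorter than 2048 bits"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert"
    return "$rc"
}

# Run as: ./checkKeys.sh check [certificate] [private key]  (file name is hypothetical)
if [ "${1:-}" = "check" ]; then check_webvisu_pki "${2:-}" "${3:-}"; fi
```

The private key as moved by the script keeps whatever permissions openssl gave it; if the permission check fails, chmod 600 on the key file fixes it.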
Check the documentation here for more details:
"c:\Program Files (x86)\3S CODESYS\GatewayPLC\Documentation\WebServerSSL_en.pdf"
These steps are no longer needed: use the Security Agent from the CODESYS Store to generate the certificates.