SSL Certification validity

The SSL (Secure Socket Layer) protocol is a security layer inserted between the transport layer (TCP/IP) and the application layer (e.g., HTTP), which provides communication security by encryption and enables an authentication (identity verification) of communicating parties. The result is a secure (encrypted) connection, e.g., using the HTTPS protocol.

Certificate validation, or certificate verification, means that Mervis RT communicates with cloud servers (Proxy, DB, SCADA) using a secure encrypted SSL connection and verifies security against available certificates, which are issued by certification authorities.

In order to use this function, it is necessary to ensure:

1. Availability of current certificates
   • certificates are up-to-date at the moment of release of the Mervis OS operating system, starting with Mervis OS version 2.4.2.28
   • certificates can be updated by uploading Mervis IDE (instructions at the end of the article)
2. Setting SSL addresses to cloud services, or enabling SSL
   • Mervis DB:

     https://db.unipi.technology/plc/save

   • Mervis Proxy:

     https://proxy.unipi.technology:6678

3. Enable certificate validation in RT configuration

If the above is not met, communication will not be established.

Mervis Proxy configuration

Mervis DB parameters

To upload certificates to the PLC, it is necessary to have a Mervis IDE solution installed and an assigned PLC.

To add/replace certificates, right-click on the PLC, select:
PLC Operation → Upload Certificates

A dialog will open where you have a total of 4 lines, but we will only be interested in the first two:

• Default CA: these certificates are up-to-date at the time of Mervis OS image generation, uploading them will replace the default certificates
• User CA: these certificates are not included in the default state of RT, missing certificates can be added by uploading, default CAs are not affected in any way

After clicking OK, the certificates will be uploaded to the PLC.