Differences

This shows you the differences between two versions of the page.

en:sw:01-mervis:ssl-certification-validation-hidden [2022/10/05 18:14]
avsetula [Example of Mervis Proxy and DB settings in RT configuration:]
en:sw:01-mervis:ssl-certification-validation-hidden [2022/10/11 14:58] (current)
avsetula [What is needed?]
Line 2: Line 2:
  
 The SSL (Secure Socket Layer) protocol is a security layer inserted between the transport layer (TCP/IP) and the application layer (e.g., HTTP), which provides communication security by encryption and enables an authentication (identity verification) of communicating parties. The result is a secure (encrypted) connection, e.g., using the HTTP**S** protocol. ​ The SSL (Secure Socket Layer) protocol is a security layer inserted between the transport layer (TCP/IP) and the application layer (e.g., HTTP), which provides communication security by encryption and enables an authentication (identity verification) of communicating parties. The result is a secure (encrypted) connection, e.g., using the HTTP**S** protocol. ​
 +
 +<WRAP center round important 90%>
 +**Warning:​** use certificate validation only if you are aware of the possible consequences of enabling this function. Due to the temporary validity of certificates,​ it may happen that the validity of the certificate expires after a certain period of time (validity is different for each certificate).
 +
 +As a result, PLC will not be enabled for secure communication via Internet, so it will stop communicating with Mervis Proxy, Mervis DB, or other servers. Subsequent uploading of valid certificates to the PLC is now only possible locally and a service trip to the PLC is therefore required.
 +</​WRAP>​
  
  
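Review bot: The added warning box states the failure (the PLC stops communicating with Mervis Proxy and Mervis DB, and a local service trip is required) but does not point to the prevention; link it to the "Updating certificates due to expiration" use case added further down in this same revision, so the reader knows to renew before expiry. The second paragraph also needs a wording pass: "PLC will not be enabled for secure communication" is clearer as "the PLC will no longer be able to communicate securely", and "is now only possible locally" should read "is then only possible locally".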
Line 11: Line 17:
   - Availability of current certificates   - Availability of current certificates
     * certificates are up-to-date at the moment of release of the Mervis OS operating system, starting with Mervis OS version 2.4.2.28     * certificates are up-to-date at the moment of release of the Mervis OS operating system, starting with Mervis OS version 2.4.2.28
-    * certificates can be updated by uploading Mervis IDE (instructions ​at the end of the article+    * certificates can be updated by uploading Mervis IDE ([[#​uploading_certificates_from_the_mervis_ide|instructions ​below]]
   - Setting SSL addresses to cloud services, or enabling SSL   - Setting SSL addresses to cloud services, or enabling SSL
     * Mervis DB: <​code>​https://​db.unipi.technology/​plc/​save</​code>​     * Mervis DB: <​code>​https://​db.unipi.technology/​plc/​save</​code>​
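Review bot: The changed bullet still reads "certificates can be updated by uploading Mervis IDE", which says the IDE is what gets uploaded; the link target (#uploading_certificates_from_the_mervis_ide) shows the intent is "by uploading them from the Mervis IDE". While touching this line, check that the parenthesis opened before the link is closed after "instructions below]]".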
Line 23: Line 29:
  
 ;#; ;#;
-//Mervis Proxy configuration//+//Mervis Proxy parameters//
 ;#; ;#;
 {{ :​en:​sw:​01-mervis:​val-cert_proxy_en.png?​direct |}} {{ :​en:​sw:​01-mervis:​val-cert_proxy_en.png?​direct |}}
Line 56: Line 62:
 **Note:** the file name extension can be arbitrary. **Note:** the file name extension can be arbitrary.
 </​WRAP>​ </​WRAP>​
 +
 +
 +===== Use cases: =====
 +
 +=== Updating certificates due to expiration ===
 +Certificates issued after September 1st, 2022 are valid for a maximum of 1 year, so it is important to update the certificates regularly. The update is possible by replacing the default CA with the new public certificates (certificate file) according to the [[#​uploading_certificates_from_the_mervis_ide|instructions above]], or by uploading the [[en:​files:​software:​os-images:​00-start|most current version of Mervis OS]] to the PLC.
 +
 +<WRAP center round info 90%>
 +**Note:** download current certificates only from trusted sites.
 +</​WRAP>​
 +
 +=== Replacing the default certificates with your own ===
 +In some cases (e.g., within an intranet) it is also useful to secure with your own certificates,​ when, on the other hand, you do not use public certificates at all. In this case, prepare a certificate file and upload it as the default CA, replacing the default certificates with your own.
 +\\
 +\\
 +
 +=== Adding your own certificates without affecting the default certificates ===
 +In cases where the PLC is, for example, in a large corporate network, but also has access to the Internet, it is advisable to choose a combination of public and own certificates.
 +
 +Therefore, upload your certificate file as a user CA, but it is also possible to upload an update of the default CA. If you do not want to update the default certificates,​ leave the box blank.
 +
 +
 +
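Review bot: The note "download current certificates only from trusted sites" in the "Updating certificates due to expiration" section is too vague for a file that replaces the default CA and therefore decides which servers the PLC will trust; name the expected source and tell the reader how to verify the file before uploading it. In the same section, "Certificates issued after September 1st, 2022 are valid for a maximum of 1 year" should say which certificates the limit applies to and cite where it comes from, since the file being replaced is described as the default CA. Smaller points: the heading levels jump from "=====" to "===", "Use cases:" carries a trailing colon, the two bare "\\" lines can go, and "leave the box blank" should name the box.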