TLS Client/Server page

Use this page if you wish to use the TLS client and/or server function of the FP‑I4C unit.

TLS is a protocol that encrypts communication in a network. It can be used to ensure secure data transfer when using vulnerable protocols such as Modbus or MEWTOCOL.

See also the related Quick Start Guide, which provides detailed step-by-step instructions for using the TLS connector to secure Modbus TCP transmissions.

Make TLS client settings

Enable the TLS client function and make the communication settings.

The TLS client uses either the public key authentication method or the client authentication method to connect to a TLS server. The TLS client provides a TCP server (non-TLS server) that listens to a port. Any TCP client (e.g. Modbus, MEWTOCOL) can connect to this TCP server and request data from the TLS client.

Enable the TLS client and make PLC settings

  • Use TLS client: Use this toggle switch to enable the TLS client function.

  • First control register: Specify the start address of the control registers used in the PLC to trigger an action.

  • Last control register: This address is calculated based on the specified control register.

  • Polling time: Set the interval in seconds to poll the PLC's control registers.

  • Listening port (non-TLS server): Set the listening port of the unsecured TCP server.

  • Permitted IP addresses: Select an option to restrict access to external devices:

    • Local host only: Only the device itself is allowed to connect (e.g. using the script function or the local host IP address 127.0.0.1).

    • Single IP address: Only a device with the specified IP address is allowed to connect.

    • IP address range: Only devices with IP addresses in the specified range are allowed to connect.

  • IP address or host name of TLS server: Enter the IP address or host name of the TLS server.

  • TLS server port: Set the port number of the TLS server.

Make certificate settings for the TLS client

  • Authentication method:

    • Public key: The client can send data without a certificate.

    • Client certificate: The client needs a certificate to send data.

  • Minimum TLS version: Set the minimum TLS version number that is supported.

  • Use CA verification:

    Usually official certificates must be signed by a certificate authority (CA). If you use a local broker, turn the toggle switch off (no CA verification is requested).

    If official certificates are used, turn the toggle switch on. To upload a certificate from the PC to the FP-I4C unit, drag a file onto the drag and drop area or select a file with the + icon and then select the cloud icon. You can upload all three certificates at the same time.

    The following certificates are supported:

    | Certificate | File names |
    |---|---|
    | CA certificate of the certificate authority (.crt, .csr, .pem) | ca.crt, ca.csr, ca.pem |
    | Client certificate (.crt, .csr, .pem) | client.crt, client.csr, client.pem |
    | Key file (.key, .pem) | key.key, key.pem |

Save your configuration

When you have changed any settings, a Save button appears in the upper right corner of the screen. You can make changes on multiple pages and then save your settings.

Reset your configuration

To reset all settings on the current page to the default configuration, select the Reset button at the bottom of the page.

Make TLS server settings

Enable the TLS server function and make the communication settings.

The TLS server uses either the public key authentication method or the client authentication method to verify the identity of a TLS client. The TLS server provides a TCP client (non-TLS client) that can connect to any TCP server (e.g. Modbus, MEWTOCOL) and receive requests from a TLS client via the TLS server.

Enable the TLS server and make PLC settings

  • Use TLS server: Use this toggle switch to enable the TLS server function.

  • First control register: Specify the start address of the control registers used in the PLC to trigger an action.

  • Last control register: This address is calculated based on the specified control register.

  • Polling time: Set the interval in seconds to poll the PLC's control registers.

  • TLS server port: Set the port number of the TLS server.

  • Permitted IP addresses: Select an option to restrict access to external devices:

    • Local host only: Only the device itself is allowed to connect (e.g. using the script function or the local host IP address 127.0.0.1).

    • Single IP address: Only a device with the specified IP address is allowed to connect.

    • IP address range: Only devices with IP addresses in the specified range are allowed to connect.

  • IP address or host name of non-TLS server: Enter the IP address or host name of the non-TLS server.

  • Non-TLS server port: Set the port number of the non-TLS server.

Make certificate settings for the TLS client

  • Authentication method

    • Public key: The client can send data without a certificate.

    • Client certificate: The client needs a certificate to send data.

  • Minimum TLS version: Set the minimum TLS version number that is supported.

  • Certificates:

    The following certificates are supported:

    | Certificate | File names |
    |---|---|
    | CA certificate of the certificate authority (.crt, .csr, .pem) | ca.crt, ca.csr, ca.pem |
    | Client certificate (.crt, .csr, .pem) | client.crt, client.csr, client.pem |
    | Key file (.key, .pem) | key.key, key.pem |
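
A pre-upload check for the certificate files listed in the client and server tables above, as an added example that is not part of the original documentation. It assumes the files are PEM-encoded and flags content that does not fit its slot (a private key inside a certificate file, a signing request instead of a signed certificate); the function names and sample data are constructed here, and how the FP-I4C unit itself validates uploads is not described on this page.

```python
import re

# Upload slots and file names exactly as listed in the tables above.
SLOTS = {
    "ca": {"ca.crt", "ca.csr", "ca.pem"},
    "client": {"client.crt", "client.csr", "client.pem"},
    "key": {"key.key", "key.pem"},
}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_upload(name, text):
    """Return findings for one file; an empty list means nothing to flag."""
    slot = next((s for s, names in SLOTS.items() if name in names), None)
    if slot is None:
        return [f"{name}: not one of the listed file names"]
    labels = PEM_LABEL.findall(text)
    if not labels:
        return [f"{name}: no PEM header found, inspect manually"]
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    findings = []
    if slot == "key":
        if not has_key:
            findings.append(f"{name}: key slot but no private key block")
    else:
        if has_key:
            findings.append(f"{name}: private key inside a certificate file")
        if any(label.endswith("CERTIFICATE REQUEST") for label in labels):
            findings.append(f"{name}: CSR, not a signed certificate")
        elif "CERTIFICATE" not in labels:
            findings.append(f"{name}: no certificate block")
    return findings


def sample_pem(label):
    """Constructed PEM framing; the body is a dummy string, not key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample files for the demonstration.
SAMPLES = {
    "ca.pem": sample_pem("CERTIFICATE"),
    "client.pem": sample_pem("CERTIFICATE") + sample_pem("PRIVATE KEY"),
    "client.csr": sample_pem("CERTIFICATE REQUEST"),
    "key.pem": sample_pem("PRIVATE KEY"),
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(fname, check_upload(fname, body) or "ok")
```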

Save your configuration

When you have changed any settings, a Save button appears in the upper right corner of the screen. You can make changes on multiple pages and then save your settings.

Reset your configuration

To reset all settings on the current page to the default configuration, select the Reset button at the bottom of the page.

Modified on: 2024-10-02