IEC15000328 V1 EN-US
Figure 39: Certificate issued to
5.2.5 Invalid certificates
GUID-66DFAC1D-F305-416F-91D9-05D035F1810B v1
The certificate can be invalid for different reasons, e.g. if the certificate has
expired. In this case, if the IED is using a self-signed certificate, it will generate a
new self signed certificate. Otherwise, when IED is using a certificate generated by
SDM600, it is required that the security administrator generates new certificates
and re-deploy them using PCM600. If the certificate has expired, PCM600 will
issue a warning to the user about connecting to a device with expired certificate.
SDM600 will reject user authentication with expired certificate.
If the replication is enabled and server rejects the authentication (due to expired
certificate) then the user is allowed to login using the replicated data. IED will raise
a security event 30 days before the certificate will expire and continue till the
expiry date once every day.
There are two main cases when the IED access the server:
1. When a cyclic replication is done
2. When a user should be authenticated or change the password
These two cases are different in that sense that one has an ongoing user interaction,
while the other occurs cyclically without user interaction.
In both cases a security event will be generated in the IED. If user interaction is
involved, a generic connection problem message will be presented.
5.2.6 Deleting certificates from an IED
GUID-CFA1897A-AF2F-49D2-A8AF-AB63BE7FCA67 v1
Deletion of certificates from IED is possible only after reading
certificates from IED.
Section 5 1MRK 511 399-UEN B
Central Account Management
52 670 series 2.2 IEC
Cyber security deployment guideline
To Next Page
Loading...
Need help?
General
