Configure where to use the secure communication protocol (HTTPS)

The secure communication protocol HTTPS is a combination of the HTTP and a cryptographic protocol. If you choose to use HTTPS, communication through the web interface will be encrypted for security purposes.
The following items will use the HTTPS protocol. The list of options depends on the way that you chose to log on to the model under System Security. For details, see Configure how to log on to the module.
This option
Is available when you choose this logon method
FactoryTalk Historian ME Local Security
The FactoryTalk Directory
The FactoryTalk Historian webpages
x
x
The FactoryTalk Directory
-
x
TIP:
The FactoryTalk Historian webpages include the client page and the Web Diagnostics page.
To configure where to use the secure communication protocol (HTTPS)
  1. On the
    System Security
    page, under
    HTTPS Settings
    , select the type of HTTPS certificate:
    Certificate type
    Description
    Self-signed certificate
    A certificate issued by the module, which holds its own private key. This type is chosen by default to provide a secure connection out of the box. The certificate is valid for five years.
    CA certificate
    A certificate issued by a trusted third party, for example, the IT security department in your organization. To use the CA certificate, you have to manually upload the CA certificate, server certificate, and private key files to the module. For details, see Upload files to the module.
  2. Depending on the type of certificate, do either of the following:
    • For the
      Self-signed certificate
      type, complete the following:
      Item
      Description
      Issued to
      Choose the method with which you access the Historian webpages:
      • IP address.
        The certificate will be issued to the IP address of the module. This is the default setting. The IP address is provided by the system automatically.
      • Module name.
        The certificate will be issued to the module name. The module name is provided by the system automatically.
      • Domain name.
        The certificate will be issued to the fully qualified domain name of the module.
        Type the domain name in the following format:
        <modulename>.<domainname>.<top-level domain>
        For example,
        module1.mycompany.com
      Renew Certificate
      Use this button if:
      • You change the method with which you access the Historian webpages. In this way, a new certificate will be issued.
      • Your certificate has expired, and you want to issue a new one.
      TIP:
      If you renew the certificate for your module, you have to install it in the browser. To install the certificate in the browser, consult your network administrator.
    • For the
      CA certificate
      type, complete the following:
      Item
      Description
      CA certificate file
      Select the certificate authority. This is necessary for using HTTPS.
      Sever certificate file
      Select the file that contains the digital certificate that has been issued to a server and contains information about the server.
      Private key file
      Select the file that contains the private key for the web server.
      Private key password
      Type the encryption password used to secure the private key file.
      Verify the FactoryTalk Directory certificate
      Select the checkbox to verify if the FactoryTalk Directory certificate is valid. The module will check if there is a certificate for the FactoryTalk Directory issued by a certificate authority. This option is only available if you set HTTPS for communication with the FactoryTalk Directory.
  3. Click
    Save
    .
    If the configuration is incomplete, an error message appears prompting you to provide missing information.
    If the configuration is complete, a message appears.
  4. Click
    OK
    .
    The configuration will be validated.
    If the configuration is successful, you will be logged out and taken to the logon page.
    Otherwise, an error message appears.
    TIP:
    If the configuration of the module is restored from a backup file, the communication is automatically set to HTTPS for connections with the Historian webpages.
    If the backup file contains security certificates, they will be used in the restored configuration. Otherwise, a default self-signed certificate will be generated and used.
    For more information on restoring configurations, see Back up and restore configuration files.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal