User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

Cybersecurity Basics

SSL Certificates

A6V11646120_enUS_b_40

19 | 85

Supported Cryptographic algorithms in Desigo CC

Desigo CC supports RSA-2048 SHA-256 Certificates. Basically, CAPI certificates are

required. The Web Server also supports CNG Certificates.

Components

Crypto API Certificates

CNG Certificates

WinCC OA Communication

RSA 2048 with SHA256

encryption Certificates supported;

Certificate revocation not

supported.

Not supported.

Web Server Communication

No known restrictions since this is

completely managed by IIS.

Anyway, it is recommended to

have certificate with minimum

.RSA 2048 with SHA256

encryption.

No known restrictions since this is

completely managed by IIS.

Anyway, it is recommended to

have certificate with minimum

RSA 2048 with SHA256.

Client Identification

RSA 2048 with SHA256

encryption Certificates supported.

Not supported.

Application/Code signing

RSA 2048 with SHA256

encryption Certificates supported.

Certificate should be exportable

and should have code signing

feature.

RSA 2048 with SHA256

encryption Certificates supported.

Certificate should be exportable

and should have code signing

feature.

Types of SSL Certificates based on Validation Level

Websites use SSL certificates to set up a trust level with their visitors and customers.

Different businesses require to set up different levels of trust. For example, websites

which collects user's important information need to transfer it securely. Financial

institutions need to set up domain authenticity as well as data security. So, CA needs

to validate the website owner's information based on the trust they want to set up. The

following three types of certificates are based on the level of validation.

Domain Validated Certificates

The Domain Validated (DV) certificate requires the lowest level validation because the

main purpose of DV certificates is to make the secure communication between the

domain's web server and browser. CA only verifies that the owner has a control over

the domain.

Organization Validated Certificates

The Organization Validated (OV) certificate requires a medium level validation where

CA checks the rights of an organization to use the domain and also the organization's

information. The OV certificate enhances the trust level of the organization and its

domain.

Extended Validated Certificates

The Extended Validated (EF) certificate requires a high-level validation where CA

conducts rigorous background checks on the organization according to guidelines.

This includes verification of the legal, physical and operational existence of the entity.