IS200DTCIH1控制器模块
从文件导入]浏览C:\/BranchCSR命令按钮签名配置路径[颁发证书]-[签名证书视图]命令按钮下载(默认名称为“Issue.crt”)场景操作过程(与“我的证书”部分中描述的相同)在上图中,“网关1”是总部a网络的网关,其内部网的子网为10.0.760/24。LAN接口的IP地址为10.0.76.2,WAN-1接口为203.95.80.22。“网关2”是分支机构中网络B的网关,其内部网的子网为10.0.750/24。LAN接口的IP地址为10.0.75.2,WAN-1接口为118.18.81.33。它们都充当NAT安全网关。网关1生成根CA和自己签名的本地证书(HQCRT)。它将根CA和HQCRT的证书导入网关2的“可信CA证书列表”和“可信客户端证书列表”。网关2为其自己的证书BranchCRT生成证书签名请求(BranchCSR),由根CA签名(请在网关2中生成一个自签名证书,然后单击该CSR的“查看”按钮。只需下载)。它需要CSR由网关1的根CA签名并获得BranchCRT证书(需要重命名)。将证书导入网关1的“可信客户端证书列表”和网关2的“本地证书列表”。网关2可以使用“站点到站点”方案以及到网关1的IKE和X.509协议建立IPsec VPN隧道。最后,10.0.750/24和10.0.76.0/24两个子网中的客户端主机可以相互通信。EW200工业蜂窝网关171颁发证书设置转到对象定义>证书>颁发证书选项卡。颁发证书设置允许用户导入证书签名请求(CSR)以由根CA签名。导入和颁发证书证书签名请求(CSR)从文件导入项目值设置描述证书签名请求,CSR)从需要的文件导入设置从计算机中选择证书签名请求文件以导入到网关。从PEM 1导入证书签名请求(CSR)。字符串格式,任意文本2。所需设置输入(复制粘贴)证书签名请求PEM编码的证书到网关。签名当根CA存在时,单击“签名”按钮,通过根CA签署并颁发导入的证书。EW200工业蜂窝网关172第4章现场通信4.1总线和协议网关可以配备串行端口,通过将RS-232或RS-485串行设备连接到基于IP的以太网LAN进行串行通信。这些通信协议允许通过本地LAN或Internet轻松访问任何地方的串行设备。它们可以是“虚拟COM”和“Modbus”。4.1.1端口配置在使用支持的现场通信功能之前,
Import from a File] Browse C:/BranchCSR Command Button Sign Configuration Path [Issue Certificate]-[Signed Certificate View] Command Button Download (default name is "issued.crt") Scenario Operation Procedure (same as the one described in "My Certificate" section) In the above diagram, "Gateway 1" is the gateway of Network-A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN-1 interface. "Gateway 2" is the gateway of Network-B in the branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN-1 interface. They both serve as the NAT security gateways. Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. It importsthe certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2. Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate BranchCRT to be signed by root CA (Please generate one t self-signed certificate in the Gateway 2, and click on the "View" button for that CSR. Just download it). It takesthe CSR to be signed by the root CA of Gateway 1 and obtainsthe BranchCRT certificate (which needs to be renamed). Import the certificate into the "Trusted Client Certificate List" of Gateway 1 and the "Local Certificate List" of Gateway 2. Gateway 2 can establish an IPsec VPN tunnel with "Site to Site" scenario and IKE and X.509 protocols to Gateway 1. Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each other. EW200 Industrial Cellular Gateway 171 Issue Certificate Setting Go to Object Definition > Certificate > Issue Certificate tab. The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA. Import and Issue Certificate Certificate Signing Request (CSR) Import from a File Item Value setting Description Certificate Signing Request (CSR) Import from a File Required setting Select a certificate signing request file from your computer for importing to the gateway. Certificate Signing Request (CSR) Import from a PEM 1. String format, any text 2. Required setting Enter (copy-paste) the certificate signing request PEM encoded certificate to the gateway. Sign When root CA exists, click the Sign button to sign and issue the imported certificate by root CA. EW200 Industrial Cellular Gateway 172 Chapter 4 Field Communication 4.1 Bus & Protocol The gateway may be equipped with a serial port for serial communication by connecting an RS-232 or RS-485 serial device to an IP-based Ethernet LAN. These communication protocols make allow for easy access to serial devices anywhere over a local LAN or the Internet. They can be "Virtual COM" and "Modbus". 4.1.1 Port Configuration Before using the supported field communication function,
