Configuring TLS (in 15 minutes).

In times of increasingly frequent, sophisticated and intense cyber attacks – including attacks on control systems – it is necessary to increase the level of security of these systems. Today we will show how to set up encryption of all network communication between the D2000 Server and all network clients, whether it is the user interface (HI), configuration tools (CNF, GR) or remote system processes (Kom, Archive, DbManager, Event etc.).

The first good news is that encryption is provided by the TLS (Transport Layer Security) security protocol, specifically the OpenSSL implementation. The same protocol is used to secure encrypted HTTPS communication, which you use to work with your bank account in the browser. D2000 versions 21 and 22 use the latest version of this protocol, TLS 1.3.

The second good news is that enabling TLS is possible without restarting the application. The necessary parameters are stored in the registry (or on Linux in the configuration file of the application) and the D2000 Kernel reads them every time the client connects.

So, how to do it? Basically according to the instructions in our documentation. To secure communication, we need to generate an encryption key and certificate and configure the D2000 Kernel to use them. Next, we need to distribute the certificate to clients and tell them to use it.


This is a companion discussion topic for the original entry at https://d2000.ipesoft.com/blog/security-configuring-tls-in-15-minutes/
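
The key-and-certificate step described above, sketched with the OpenSSL command line as an added example (not taken from the blog or the D2000 documentation). The file names, the host name `d2000-server.example` and the choice of a self-signed RSA certificate are assumptions; the D2000 parameters that point the Kernel and the clients at these files are product-specific and are not shown.

```shell
#!/bin/sh
# Added example. File names and host names are assumptions, not D2000 defaults.
# Requires OpenSSL 1.1.1 or later (the first release with TLS 1.3 and -addext).

# Generate a private key and a self-signed certificate for the server host name,
# then prepare the file that is distributed to clients.
make_server_cert() {  # $1 = output directory, $2 = server host name
    ( umask 077       # the key file must be readable by the server account only
      openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 365 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null ) || return 1
    # Clients receive the certificate only, never the private key.
    cp "$1/server.crt" "$1/client-trust.crt" && chmod 644 "$1/client-trust.crt"
}

# SHA-256 of the public key found in a certificate or in a private key file.
pubkey_hash() {  # $1 = "cert" or "key", $2 = file
    if [ "$1" = cert ]; then openssl x509 -in "$2" -noout -pubkey
    else openssl pkey -in "$2" -pubout; fi | openssl dgst -sha256
}

# Checks to run before the certificate is handed to clients.
# Returns 0 when all pass, otherwise the number of the failed check.
check_bundle() {  # $1 = directory, $2 = host name clients will connect to
    # 1: certificate and private key belong together
    [ "$(pubkey_hash cert "$1/server.crt")" = "$(pubkey_hash key "$1/server.key")" ] || return 1
    # 2: the client file does not contain key material
    ! grep -q "PRIVATE KEY" "$1/client-trust.crt" || return 2
    # 3: the certificate names the host the clients connect to
    openssl x509 -in "$1/client-trust.crt" -noout -checkhost "$2" \
        | grep -q "does match" || return 3
    # 4: a client trusting only the distributed file accepts the server certificate
    openssl verify -CAfile "$1/client-trust.crt" "$1/server.crt" >/dev/null 2>&1 || return 4
    # 5: the certificate stays valid for at least 30 more days
    openssl x509 -in "$1/server.crt" -noout -checkend 2592000 >/dev/null || return 5
    # 6: the private key is not readable by group or others
    [ "$(ls -l "$1/server.key" | cut -c1-10)" = "-rw-------" ] || return 6
}
```

Run `make_server_cert <dir> <host>` once on the server, then `check_bundle <dir> <host>` before copying `client-trust.crt` to the client machines.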