HTTPs Client question

Hi, we are currently making necessary modifications to various protocols to achieve compliance with CRA (Cyber Reselience Act). We use B&Rs HTTP client for RESTful endpoint calls to an nginx web server. I have successfully transitioned the B&R client from HTTP to HTTPs (thanks to information in this forum). I’m using mkcert as a CA and certificates will be automatically generated when necessary (expired). My question: will AR handle this as most web clients by automatically updating the certificate on the client side when a new certificate has been ussued?

Versions: AS 6.5, AR 6.6.3

Any help is greatly appreciated.

Hi,

if you use the httpsClient functionblock where the SSLident has to be connected to input interface of the functionblock, the certificates will not be automatically updated. The certificates are bound in the SSL config referenced on the interface.
If there is a new certificate necessary, you have to update the SSL config used for httpsClient (using ArCert and ArSSL). After changing the certficates in the SSL config, a restart of the PLC is required to make use of the changes.

As an alternative there is httpsClientMcs functionblock available (starting with Automation Runtime 6.5) where the managed certificate store is used.
As the names states, there the certificates are managed externally and can be updated via the Managed Certificate Store configuration. A managed certificate store is used when integrating into existing security architectures and PKI infrastructures.
TLS/SSL external certificate manager

BR Fabian