Once we have installed the WinCC WebNavigator / WebUX, we need to configure it to create the website in the Internet Informationion Services (IIS).
To do this, we follow the wizard.
Starting from WinCC version v7.4 SP1, which implemented the WinCC Certificate Manager, it is recommended to specify Install certificate later, as it will make it easier to export the certificate as we will see next.
We continue with the wizard and create a new site for WebNavigator.
With the certificate, we do the same, Install certificate later, and continue with the wizard, firewall configuration, and finish.
If we have followed the steps and run the WinCC Certificate Manager, we will have by default the following image.
If during the configuration we created a new certificate, as in the following example, we will see the two possible scenarios.
In the WinCC Certificate Manager, we will see that we have installed the certificate that we installed during the configuration.
Regardless, what we are going to create is a New Certificate Authority. We enter the corresponding data and remember the password ;-)
Once the CA is created, we will add the corresponding entity and add a new device.
We enter the name of our WinCC server and its IP address, ensuring that the connection is secure whether accessing by name or IP address; it is advisable not to change the IP address later ;-), otherwise, we will have to repeat the steps...
Now we are going to configure the certificates we want to install for our WinCC; for the example, I have installed all of them, but add according to project needs. For WinCC WebNavigator / WebUx, we would only need that one.
Finally, we need to install them, right-click on our server (Install all certificates).
And here we can see all the certificates we have installed.
We can verify that it has been installed correctly in Trusted Root Certification Authorities.
If we now access our WinCC server, we can see that it is via https and that the certificate is trusted, and if we check the certificate information, we confirm that it is the one we created.
We have now prepared and correctly functioning our Server / Workstation with WebNavigator Server. Now we are going to prepare to access this machine from other nodes on the network :-)
On the Certificate we created, we are going to Export -> Certificate CA.
We choose the DER format.
And we save it in our directory.
Here we have the certificate that we will need to install on each of the stations that will access with the WinCC WebNavigator Client.
We are now on our client called PCClient1.
If we access the Web Navigator Server, we have the warning that the connection is not private and not secure.
However, we can access, but as you can see, a picture is worth a thousand words.
We copy the certificate we created on the Server and run it.
When we run it, the following image appears, with its corresponding definition at the time of generating it.
Now we need to install the certificate and follow the wizard...
Select install for the entire Local Machine.
And as the certificate itself stated, it must be installed in Trusted Root Certification Authorities.
Once installed, if we restart our Web browser, it is resolved ;-)
