When the application is installed, MSIB automatically generates a self-signed certificate to support HTTPS. This improves security because all communications that occur during MSIB configuration are encrypted.
MSIB creates a new self-signed certificate when there is no existing certificate configuration in sys.config for a fresh installation and before any user configuration tasks. This ensures that a fresh installation of MSIB can serve its UI/API through HTTPS immediately, without user configuration. MSIB can also recover if a customer-provided certificate is invalid or corrupted, so that it still provides the web UI/API.
Customer Provided SSL/TLS Server Certificate and Key
A user can provide two files to configure MSIB's SSL/TLS Server Certificate and Key by navigating to the Settings > SSL/TLS link located on the MSIB browser home page.
Certificate
The *.CRT file can be encoded as PEM or DER (binary). A certificate contains the public key along with much more information, most importantly the Certificate Authority's signature over the data and public key.
Key
The *.KEY file is the private key, which can be stored as PEM or DER (binary). Both PEM and PKCS#8 DER can protect the key with password-based encryption or leave it unencrypted. MSIB does not currently support password-protected key files.
The user must choose each file through the provided web UI and click the Apply button when complete. As the new files are written within the UI, the user is automatically logged off, and a browser refresh is needed to complete the process.
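Because password-protected key files are not supported, it helps to check the *.KEY file before uploading it. The following is an added example, not Siemens or MSIB code: it reports whether a key file is PEM or DER and whether it is password-protected, using only the file's structure. The function names and sample file names are hypothetical, and the samples are constructed fragments, not real keys.

```python
import re

# Matches one PEM block and captures its label and body.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def first_inner_tag(der: bytes) -> int:
    """Tag byte of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short-form length is one byte; long form is 0x80 | count of length bytes.
    offset = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if offset >= len(der):
        raise ValueError("truncated DER")
    return der[offset]

def classify_key(data: bytes) -> tuple:
    """Return (encoding, password_protected) for the bytes of a *.KEY file."""
    m = PEM_RE.search(data)
    if m:
        label, body = m.group(1), m.group(2)
        if not label.endswith(b"PRIVATE KEY"):
            raise ValueError("PEM block is not a private key")
        # PKCS#8 uses a dedicated label; traditional PEM uses an RFC 1421 header.
        encrypted = label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
        return ("PEM", encrypted)
    # Assumes the input is the key file: a DER certificate also starts 0x30 0x30.
    tag = first_inner_tag(data)
    if tag == 0x02:   # INTEGER version: PKCS#8 PrivateKeyInfo or traditional key
        return ("DER", False)
    if tag == 0x30:   # AlgorithmIdentifier: PKCS#8 EncryptedPrivateKeyInfo
        return ("DER", True)
    raise ValueError("unrecognised DER structure")

# Constructed samples: PEM bodies are placeholders, DER values are header bytes only.
SAMPLES = {
    "pkcs8.pem": b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    "pkcs8-enc.pem": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n",
    "rsa-enc.pem": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "pkcs8.der": bytes.fromhex("308204bd020100300d06092a864886f70d0101010500"),
    "pkcs8-enc.der": bytes.fromhex("3082050e304006092a864886f70d01050d3033"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        encoding, protected = classify_key(blob)
        print(name, encoding, "password-protected" if protected else "unencrypted")
```

The check only inspects the container format; it does not confirm that the key is valid or that it matches the certificate.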
Siemens Disclaimer
By default MSIB uses self-signed certificates to provide a minimum level of security for accessing the web configuration UI out-of-the-box. Your IT security organization may require and have a process for providing certificates for use with your networking infrastructure. Consult your internal IT security specialists for information regarding the use of certificates in your organization.