This is a manual way to get and use Certificates from Letsencrypt with the Webserver (ULC UX) in WinCC Open Architecture. You have to update the certificate manually before it expires.
- Temporarily configure IIS (HTTP) to get a new certificate via WIN-ACME
- Download Win-ACME, it is a Letsencrypt Client for Windows + IIS
- Set “PrivateKeyExportable” to TRUE! in settings.json of Win-ACME!
- Execute Win-ACME wacs.exe and follow the instructions for fist setup.
wacs.exe --renew --baseuri https://acme-v02.api.letsencrypt.org/to renew a certificate.
- Export Root Certificate as PEM:
- Save Root Cert as root-cert.pem to the WinCC OA project config directory.
- Export the Host Certificate with “certlm”
- Convert Certificate from PFX to Certificate and Private-Key
openssl pkcs12 -in [yourfile.pfx] -nocerts -out keyfile-encrypted.key openssl rsa -in keyfile-encrypted.key -out privkey.pem => Save to config/privkey.pem openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out certificate.pem => Save to config/certificate.pem