Desigo CC Install Web Client

Desigo™ CC
Installing the Web Client Application Certificate

Version 2.1
A6V10415479_en_a_21 Building Technologies

2015-06-23
Copyright Notice
Copyright Notice
Notice
Document information is subject to change without notice by Siemens Switzerland
Ltd. Companies, names, and various data used in examples are fictitious unless
otherwise noted. No part of this document may be reproduced or transmitted in any
form or by any means, electronic or mechanical, for any purpose, without the
express written permission of Siemens Switzerland Ltd.
All software described in this document is furnished under a license agreement and
may be used or copied only in accordance with license terms.
For further information, contact your nearest Siemens Switzerland Ltd.
representative.
© Siemens Switzerland Ltd, 2015
Credits
Desigo, Desigo CC, Cerberus DMS, Cerberus PRO, and Sinteso are registered
trademarks of Siemens Switzerland Ltd.
Other product or company names mentioned herein may be the trademarks of their
respective owners.
Edition: 2015-06-23
Document ID: A6V10415479_en_a_21
2
Siemens Web Client Application Certificate A6V10415479_en_a_21
Building Technologies 2015-06-23
Table of Contents
About this Document ........................................................................................................ 4

Document Revision History ................................................................................................. 8
1 Web Site and Web Client Application Certificates .......................................... 9
1.1 Launching the Web or Windows App Clients ..................................................... 10
2 Installing the Web Site Certificate .................................................................. 12
3 Installing the Web Application Certificate ..................................................... 15
4 Installing the Certificate in the Windows Certificate Store .......................... 17
4.1 Trusted Root Certification Authorities ................................................................ 18
4.2 Trusted Publisher ............................................................................................... 21
3
About this Document
Document Revision History
About this Document

Purpose
This manual describes the procedure for downloading a security certificate from the
Desigo CC Web page, which is used to verify the signature of the Web application.
Scope
This document applies to Desigo CC Version 2.1.
Target Audience
End-Users are the primary users of the system. Depending on the specific
application, end users can be a building services engineer, a security guard, a
member of the fire brigade, the facility manager, and so on. They are responsible
for monitoring and managing the facility and any related events. They have the
appropriate training for operating the management station.
Project Engineers are responsible for planning and configuring a customer project.
They provide the parameterization of products, devices, and systems and are
responsible for general system troubleshooting. They have the training appropriate
to their function and to the products, devices, and systems to be configured. They
are familiar with the applied operating system(s) and the related network
environment.
Field Engineers provide the basic installation of devices and systems for a specific
customer at the customer site. They have the training appropriate to their function
and to the products, devices, and systems to be installed. They are also familiar
with the applied operating system(s) and the related network environment. Field
engineers are responsible for infrastructure troubleshooting (for example,
hardware, communication, network, and so on).
4
About this Document
Liability Disclaimer
We have checked the contents of this manual for agreement with the hardware and
software described. Since deviations cannot be precluded entirely, we cannot
guarantee full agreement. However, the data in this manual are reviewed regularly
and any necessary corrections included in subsequent editions. Suggestions for
improvement are welcome.
Product Security Disclaimer

Siemens products and solutions provide IT-specific security functions to ensure the
secure operation of building comfort, fire safety, security management and physical
security systems. The security functions on these products and solutions are
important components of a comprehensive security concept.
However, it is necessary to implement and maintain a comprehensive, state-of-the-
art security concept that is customized to individual security needs. Such a security
concept may result in additional site-specific preventive action to ensure that the
building comfort, fire safety, security management or physical security systems for
your site are operated in a secure manner. These measures may include, but are
not limited to, separating networks, physically protecting system components, user
awareness programs, in-depth security, and so on.
For additional information on building technology security and our offerings, contact
your Siemens sales or project department. We strongly recommend signing up for
our security advisories, which provide information on the latest security threats,
patches and other mitigation measures.
http://www.siemens.com/innovation/en/technology-focus/siemens-cert/cert-
security-advisories.htm
5
About this Document
Document Conventions
The following table lists conventions to help you use this document in a quick and
efficient manner.
Convention Examples
Numbered Lists (1, 2, 3…) indicate a 1. Turn OFF power to the field panel.
procedure with sequential steps. 2. Turn ON power to the field panel.
3. Open the panel.
One-step procedures are indicated by a  Expand the Event List.
bullet point.
Conditions that you must complete or must ⊳ The report you want to print is open.
be met before beginning a procedure are
designated with a ⊳. 1. Click Print .
Intermediate results (what will happen ⇨ The Print dialog box displays.
following the execution of a procedure step),
2. Select the printer and click Print.
are designated with an indented ⇨.
⇨ The print confirmation displays.
Results, after completing a procedure, are
designated with a ⇨.
Bold font indicates something you should Type F for field panels.
type or select, or when a dialog box or Click OK to save changes and close the
window is specified. dialog box.
The Create a New Project dialog box
displays.
Menu paths in procedures are indicated in Select File > Text, Copy > Group, which
bold. means from the File menu, select Text,
Copy and then Group.
File paths containing placeholders display [installation drive:]\[installation
the placeholders in italics enclosed in square folder]\[project]\...
brackets.
Error and system messages are displayed in The message Report Definition
Courier New font. successfully renamed displays in the
status bar.
Italics are used to emphasize new or The reaction processor continuously
important terms. executes a user-defined set of instructions
called the control program.
This symbol signifies a Note. Notes provide
additional information or helpful hints.
Cross references to other information in For more information on creating flowcharts,

printed material are indicated with an arrow see Flowcharts [→ 92].
and the page number, enclosed in brackets:
[→ 92]
Getting Help
For more information about the Desigo CC products, contact your local sales
representative.
6
About this Document
Safety Messages According ANSI Z535.6

The following examples show the ANSI standard safety messages used in this
document to draw the reader’s attention to important information.
ANSI distinguishes between personal injury safety messages and property damage
warning messages.
The personal injury safety messages have safety alert symbols and the following
alert level labels: DANGER!, WARNING!, CAUTION!
The label for property damage messages is: NOTICE.
Examples:
NOTICE
Property Damage Warning Message

Equipment damage or loss of data may occur if you do not follow a procedure or
instruction as specified.
CAUTION
Caution Safety Message

Minor or moderate injury may occur if you do not follow a procedure or instruction
as specified.
WARNING
Warning Safety Message

Personal injury or property damage may occur if you do not follow a procedure as
specified.
DANGER
Danger Safety Message

Electric shock, death, or severe property damage may occur if you do not perform
a procedure as specified.
7
About this Document

Document Identification
The document ID is structured as follows:
ID_Language(COUNTRY)_ModificationIndex_ProductVersionIndex
Example: A6Vnnnnnnnn_en_a_02

Modification Index Edition Date Brief Description
a 2015-06-23 Market Release Edition
8
Web Site and Web Client Application Certificates
Launching the Web or Windows App Clients
1
1 Web Site and Web Client Application

Certificates
Installing a Web Client Application Certificate is a one-time procedure required the
first time before you start a Desigo CC Web Client or Windows App Client. This
procedure downloads a security certificate from the Desigo CC Web page, which
allows the browser to verify the signature when downloading the application.
Definitions
 Web Client application certificate or Web application certificate: It is a
certificate for signing a Web application on the Server and for verifying the
signature on the client.
 Web site certificate: A certificate used by the Web site to prove it's identity and
to secure the communication between the Web Server (IIS) and the Web
Client.
If the Web site certificates are not already installed on the computer where you are
about to launch the Web Client, then on accessing the HTTPs URL for a Web
site/Web application, the Certificate Error: Navigation Blocked page displays.
The Web site certificate needs to be valid on the client. Depending on the type of
certificate used for the web site, proceed as follows:
 In case of a self-signed certificate [➙ 12], you need to install the web site
certificate in the Trusted Root Certification Authorities and Trusted Publisher
store of the Windows Certificate store.
 In case of an SMC-created or commercial host certificate, typically its root
certificate is missing on the client and you need to install it in the Trusted Root
Certification Authorities store. Moreover, you need to install the host certificate
(that was used for signing the Web application) in the Trusted Publisher store
of the Windows Certificate store.
NOTICE
Self-signed certificates are supported to allow local deployments without the

overhead of obtaining commercial certificates. When using self-signed
certificates, the owner of the Desigo CC system is responsible for maintaining
their validity status, and for manually adding them to and removing them from the
list of trusted certificates.
Self-signed certificates must only be used in accordance with local IT regulations

(several CIO organizations do not allow them, and network scans will identify
them). Importing of commercial certificates follows the same procedures.
9
1 Launching the Web or Windows App Clients
1.1 Launching the Web or Windows App Clients

Launching Web/Windows App Clients Using Web Application HTTPs
URL
1. Browse the HTTPs URL for the Web application in the Internet Explorer
browser IE 11. For more information, see section Browsing a Web
Site/Application in the System Management Console Manual (A6V10415491 ).
NOTE: If you accessed the Web page using the Web site URL instead of using
the URL of the Web application directly, then you must click one of the Web
application links available on the Web page to launch the Web/Windows App
Clients.
 The Desigo CC Web page displays to launch Web/Windows App Clients.
OR
 The Certificate Error:Navigation Blocked page displays. This error occurs
with self-signed certificates and SMC-created host certificates if they are
not already available in the respective Windows Certificate stores. Usually
this error is not observed with commercial certificates.
2. If the Certificate Error:Navigation Blocked page displays, do the following:
– Install the Web site certificate [➙ 12].
– Refresh the Web application HTTPs URL in the IE 11 browser or re-launch
the Web application
 The Desigo CC Web page with thumbnails for Web and Windows App
Clients displays.
3. Install the Web Application Certificate [➙ 15] for verifying the signature when
downloading the application in the appropriate Windows certificate store
[➙ 17].
NOTE 1:
Run the Web/Windows App Clients with Windows Internet Explorer 11.
Microsoft recommends upgrading and staying up-to-date on the latest Internet
Explorer browser version. Beginning January 2016, only the most current version
of Internet Explorer available for a supported operating system will receive
technical support and security updates.
NOTE 2:
In case host certificates created with SMC are used for the Web site / Web
application, it is recommended to add the Web site/Web application URL to the
Trusted sites zone from Tools > Internet Options > Security to avoid failing
certificate revocation checks.
10
1
Technical Tips
 If you change the Web application certificate using SMC, then you must
reinstall the updated certificate on the clients.
 If you are unable to access the Web/Windows App Client, see section
Troubleshooting in SMC in the System Management Console Manual
(A6V10415491 ).
 If host certificates created with SMC are used for signing the web application
and the internet browser is configured to check the publisher's certificate
revocation, you might get the Security Warning message even after installing
the certificate. In this case you can either add the web site to the Trusted Sites
zone to resolve the issue or ignore the warning and click Run (for Web Client)
or Install (for Windows App Client).
 For more information on how to launch the Web or Windows App Client see
Getting Started (A6V10415475 ).
11
Installing the Web Site Certificate
2
2 Installing the Web Site Certificate

 You have created a Web site/Web application using SMC and the URLs
(HTTP/HTTPs) are available. For more information, see the System
Management Console Manual (A6V10415491 ).
 You have not installed the certificate used in the Web site.
1. Browse the Web site/Web application HTTPs URL in the Windows Internet
Explorer 11 browser.
 The Certificate Error: Navigation Blocked page displays due to untrusted
certificate.
2. Click Continue to this website (not recommended).
 In the Desigo CC Web page address bar, a security report Certificate Error,
displays.
3. Click Certificate Error to open a menu that contains a hyperlink to View
certificates.
12
2
4. Click View Certificates.

 The Certificate dialog box that displays.
5. In the Certificate dialog box, click Install Certificate.
NOTE: If you have used a host/self-signed certificate during Web site creation,
then on clicking Install Certificate, the same Web site host certificate displays
and you proceed with installing it in the TRCA store. However, note that in case
of a host certificate to work with Web/Windows App Clients, you need the root
of the host certificate used during Web site creation in the TRCA store. Ensure
that it is imported in TRCA.
13
2
6. Depending on the type of certificate used, proceed with importing the certificate
as follows:
– If the certificate you used while creating a Web site is a self-signed
certificate, then you need to install it in the Trusted Root Certification
Authorities [➙ 18] store.
– If the certificate you used while creating a Web site is a host certificate,
then you need to install the root certificate of the host in the Trusted Root
Certification Authorities [➙ 18] store.
If the Certificate Error: Navigation Blocked page displays even after installing the
Web site certificate then check if the Subject Alternative Name (SAN) property for
the selected certificate contains the host name provided at the creation of the
Web site. For example, if the Web site Host name field contains the full computer
name, ABCXY022PC.dom01.company.net, then the certificate provided in the
Certificate issued to field must contain the full computer name
ABCXY022PC.dom01.company.net as one of its name in the SAN.
14
Installing the Web Application Certificate
3
3 Installing the Web Application Certificate

 You have created a Web application using SMC and the HTTP/HTTPs URLs
display. For more information, see the System Management Console Manual
(A6V10415491 ).
 The Desigo CC Web page is open in the Windows Internet Explorer browser,
and the Desigo CC tab contents are displayed.
1. Do one of the following:
– In the Desigo CC Web page, click the Click Here link on the Desigo CC
page for a Web application.
– In the Desigo CC Web page, click the Support tab; then select the Web
Client Application Certificate link.
2. In the File download – Security Warning dialog box, click Open.
15
Installing the Web Application Certificate
3
4. Depending on the type of certificate used, proceed with importing the certificate
as follows:
– If the certificate you used while creating a Web application is a self-signed
certificate, then you need to install it in the Trusted Root Certification
Authorities [➙ 18] and Trusted Publisher [➙ 21] Windows certificate store.
– If the certificate you used while creating a Web application is a host
certificate, then you need to install it in the Trusted Publisher [➙ 21]
Windows Certificate store. You also need to install the root certificate of the
host in the Trusted Root Certification Authorities [➙ 18] store.
NOTE: If host certificates created with SMC are used for signing the web
application and the Internet browser is configured to check the publisher's
certificate revocation, you might get the Security Warning message even
after installing the certificate. In this case you can either add the web site to
the Trusted Sites zone to resolve the issue or ignore the warning and click
Run (for Web Client) or Install (for Windows App Client).
16
Installing the Certificate in the Windows Certificate Store
4
4 Installing the Certificate in the Windows

Certificate Store
On the machine where you are launching the Web/Windows App Client, you must
install the certificates, the default self-signed or commercial (host and its root), in
the appropriate store location in the Windows Certificate store as described in the
following table.
Certificate Certificate Type Install in the Windows Remarks

Used for Certificate Store
Web site Self-signed Trusted Root You must import the self signed
Certification certificate in the Trusted Root
Authorities Certification Authorities Windows
Certificate store.
Host The host certificate is installed in
TRCA. However, to work with
Web/Windows App Clients you
must ensure the following:
 If the host certificate was
created with SMC, you must
import the root certificate of
the host certificate in the
Trusted Root Certification
Authorities Windows
Certificate store.
 If the certificate is a
commercial certificate, then
the Root Certification Authority
and the Intermediate
Certification Authority
certificates are most often
already available in the
corresponding Windows
Certificate stores.
Web Self-signed Trusted Root
Application Certification
Authorities and
Trusted Publisher
Host Trusted Publisher You must add the root certificate
of the host certificate in the
Trusted Root Certification
Authorities Windows Certificate
Store.
If host certificates created with

SMC are used for signing the web
application and the Internet
browser is configured to check the
publisher's certificate revocation,
you might get the Security
Warning message even after
installing the certificate. In this
case you can either add the Web
site to the Trusted Sites zone to
resolve the issue or ignore the
warning and click Run (for Web
Client) or Install (for Windows App
Client).
17
4 Trusted Root Certification Authorities
4.1 Trusted Root Certification Authorities

 You want to install the certificates in the Trusted Root Certification Authorities
Windows Certificate store using the Certificate dialog box.
 The Certificate Import Wizard dialog box displays.

2. In the Certificate Import Wizard, click Next.
18
Trusted Root Certification Authorities
4
3. Now, select the Place all certificates in the following store option, and browse
to and select Trusted Root Certification Authorities certificate store.
NOTE: On the Windows 8.1 operating system, while installing the certificates
you must select the Windows store, for example User Store, from where you
want to import the certificate.
4. Click Next.
19
4 Trusted Root Certification Authorities
5. Click Finish.
6. When the Security Warning message displays, click Yes to install the
certificate.
7. Click OK to acknowledge the successful import.
20
Trusted Publisher
4
 In the Desigo CC Web page, select the Desigo CC tab; then click the Web
Client thumbnail to start the application in the Web browser.
4.2 Trusted Publisher

 You want to install the certificates in the Trusted Publisher Windows Certificate
store using the Certificate dialog box.
 The Certificate Import Wizard dialog box displays.

2. In the Certificate Import Wizard, click Next.
21
4 Trusted Publisher
3. Now, select the Place all certificates in the following store option, and browse
to and select Trusted Publisher Certificate store.
NOTE: On the Windows 8.1 operating system, while installing the certificates,
you must select the Windows store, for example User Store, from where you
want to import the certificate.
4. Click Next.
22
Trusted Publisher
4
5. Click Finish.
6. Click OK to close the Certificate dialog box after the successful import.
 In the Desigo CC Web page, select the Desigo CC tab; then click the Web
Client thumbnail to start the application in the Web browser.
23
Issued by © Siemens Switzerland Ltd, 2015
Siemens Switzerland Ltd Technical specifications and availability subject to change without notice.
Building Technologies Division
International Headquarters
Gubelstrasse 22
CH-6301 Zug
Tel. +41 41-724 24 24
www.siemens.com/buildingtechnologies
Document ID A6V10415479_en_a_21
Edition 2015-06-23

Desigo CC Install Web Client

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Desigo CC Install Web Client

Uploaded by

Copyright:

Available Formats

Desigo™ CC

Installing the Web Client Application Certificate

A6V10415479_en_a_21 Building Technologies

About this Document ........................................................................................................ 4

About this Document

Product Security Disclaimer

Cross references to other information in For more information on creating flowcharts,

Safety Messages According ANSI Z535.6

Property Damage Warning Message

Caution Safety Message

Warning Safety Message

Danger Safety Message

Document Revision History

Document Revision History

a 2015-06-23 Market Release Edition

1 Web Site and Web Client Application

Self-signed certificates are supported to allow local deployments without the

Self-signed certificates must only be used in accordance with local IT regulations

1.1 Launching the Web or Windows App Clients

2 Installing the Web Site Certificate

4. Click View Certificates.

3 Installing the Web Application Certificate

3. In the Certificate dialog box, click Install Certificate.

4 Installing the Certificate in the Windows

Certificate Certificate Type Install in the Windows Remarks

If host certificates created with

4.1 Trusted Root Certification Authorities

 The Certificate Import Wizard dialog box displays.

7. Click OK to acknowledge the successful import.

4.2 Trusted Publisher

 The Certificate Import Wizard dialog box displays.

You might also like