Desigo™ CC
Installing the Web Client Application Certificate
Version 2.1
A6V10380509_en_a_21
2015-06-23
Siemens Industry, Inc.
Building Technologies
Copyright Notice
Copyright Notice
Notice
Document information is subject to change without notice by Siemens Industry, Inc.
Companies, names, and various data used in examples are fictitious unless otherwise
noted. No part of this document may be reproduced or transmitted in any form or by
any means, electronic or mechanical, for any purpose, without the express written
permission of Siemens Industry, Inc.
All software described in this document is furnished under a license agreement and
may be used or copied only in accordance with license terms.
For further information, contact your nearest Siemens Industry, Inc. representative.
© Siemens Industry, Inc. 2015
To the Reader
Your feedback is important to us. If you have comments about this manual, please
submit them to: SBT_technical.editor.us.sbt@siemens.com
Credits
Desigo, Desigo CC, Cerberus DMS, APOGEE, XLS FireFinder, and Sinteso are
registered trademarks of Siemens Industry, Inc.
Other product or company names mentioned herein may be the trademarks of their
respective owners.
Edition: 2015-06-23
Document ID: A6V10380509_en_a_21
2
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Table of Contents
About this Document ........................................................................................................ 4
Document Revision History ................................................................................................. 8
1
Web Site and Web Client Application Certificates .......................................... 9
1.1
Launching the Web or Windows App Clients ..................................................... 10
2
Installing the Web Site Certificate .................................................................. 12
3
Installing the Web Application Certificate ..................................................... 15
4
Installing the Certificate in the Windows Certificate Store .......................... 17
4.1
Trusted Root Certification Authorities ................................................................ 18
4.2
Trusted Publisher ............................................................................................... 22
3
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
About this Document
Document Revision History
About this Document
Purpose
This manual describes the procedure for downloading a security certificate from the
Desigo CC Web page, which is used to verify the signature of the Web application.
Scope
This document applies to Desigo CC Version 2.1.
Target Audience
End-Users are the primary users of the system. Depending on the specific application,
end users can be a building services engineer, a security guard, a member of the fire
brigade, the facility manager, and so on. They are responsible for monitoring and
managing the facility and any related events. They have the appropriate training for
operating the management station.
Project Engineers are responsible for planning and configuring a customer project.
They provide the parameterization of products, devices, and systems and are
responsible for general system troubleshooting. They have the training appropriate to
their function and to the products, devices, and systems to be configured. They are
familiar with the applied operating system(s) and the related network environment.
Field Engineers provide the basic installation of devices and systems for a specific
customer at the customer site. They have the training appropriate to their function and
to the products, devices, and systems to be installed. They are also familiar with the
applied operating system(s) and the related network environment. Field engineers are
responsible for infrastructure troubleshooting (for example, hardware, communication,
network, and so on).
4
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
About this Document
Document Revision History
Liability Disclaimer
We have checked the contents of this manual for agreement with the hardware and
software described. Since deviations cannot be precluded entirely, we cannot
guarantee full agreement. However, the data in this manual are reviewed regularly and
any necessary corrections included in subsequent editions. Suggestions for
improvement are welcome.
Product Security Disclaimer
Siemens products and solutions provide IT-specific security functions to ensure the
secure operation of building comfort, fire safety, security management and physical
security systems. The security functions on these products and solutions are important
components of a comprehensive security concept.
However, it is necessary to implement and maintain a comprehensive, state-of-the-art
security concept that is customized to individual security needs. Such a security
concept may result in additional site-specific preventive action to ensure that the
building comfort, fire safety, security management or physical security systems for your
site are operated in a secure manner. These measures may include, but are not limited
to, separating networks, physically protecting system components, user awareness
programs, in-depth security, and so on.
For additional information on building technology security and our offerings, contact
your Siemens sales or project department. We strongly recommend signing up for our
security advisories, which provide information on the latest security threats, patches
and other mitigation measures.
http://www.siemens.com/innovation/en/technology-focus/siemens-cert/cert-securityadvisories.htm
5
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
About this Document
Document Revision History
Document Conventions
The following table lists conventions to help you use this document in a quick and
efficient manner.
Convention
Examples
Numbered Lists (1, 2, 3…) indicate a
procedure with sequential steps.
1. Turn OFF power to the field panel.
2. Turn ON power to the field panel.
3. Open the panel.
One-step procedures are indicated by a bullet
point.

Conditions that you must complete or must be
met before beginning a procedure are
designated with a ⊳.
Intermediate results (what will happen
following the execution of a procedure step),
are designated with an indented ⇨.
Results, after completing a procedure, are
designated with a ⇨.
⊳ The report you want to print is open.
Bold font indicates something you should type
or select, or when a dialog box or window is
specified.
Type F for field panels.
Click OK to save changes and close the dialog
box.
The Create a New Project dialog box displays.
Menu paths in procedures are indicated in
bold.
Select File > Text, Copy > Group, which
means from the File menu, select Text, Copy
and then Group.
File paths containing placeholders display the
placeholders in italics enclosed in square
brackets.
[installation drive:]\[installation
folder]\[project]\...
Error and system messages are displayed in
Courier New font.
The message Report Definition
successfully renamed displays in the
status bar.
Expand the Event List.
1. Click Print
.
⇨ The Print dialog box displays.
2. Select the printer and click Print.
⇨ The print confirmation displays.
Italics are used to emphasize new or important The reaction processor continuously executes
terms.
a user-defined set of instructions called the
control program.
This symbol signifies a Note. Notes provide
additional information or helpful hints.
Cross references to other information in
printed material are indicated with an arrow
and the page number, enclosed in brackets:
[→ 92]
For more information on creating flowcharts,
see Flowcharts [→ 92].
Getting Help
For more information about the Desigo CC products, contact your local sales
representative.
6
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
About this Document
Document Revision History
Safety Messages According ANSI Z535.6
The following examples show the ANSI standard safety messages used in this
document to draw the reader’s attention to important information.
ANSI distinguishes between personal injury safety messages and property damage
warning messages.
The personal injury safety messages have safety alert symbols and the following alert
level labels: DANGER!, WARNING!, CAUTION!
The label for property damage messages is: NOTICE.
Examples:
NOTICE
Property Damage Warning Message
Equipment damage or loss of data may occur if you do not follow a procedure or
instruction as specified.
CAUTION
Caution Safety Message
Minor or moderate injury may occur if you do not follow a procedure or instruction as
specified.
WARNING
Warning Safety Message
Personal injury or property damage may occur if you do not follow a procedure as
specified.
DANGER
Danger Safety Message
Electric shock, death, or severe property damage may occur if you do not perform a
procedure as specified.
7
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
About this Document
Document Revision History
Document Revision History
Document Identification
The document ID is structured as follows:
ID_Language(COUNTRY)_ModificationIndex_ProductVersionIndex
Example: A6Vnnnnnnnn_en_a_02
Document Revision History
Modification Index
Edition Date
Brief Description
a
2015-06-23
Market Release Edition
8
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Web Site and Web Client Application Certificates
Launching the Web or Windows App Clients
1
1 Web Site and Web Client Application
Certificates
Installing a Web Client Application Certificate is a one-time procedure required the first
time before you start a Desigo CC Web Client or Windows App Client. This procedure
downloads a security certificate from the Desigo CC Web page, which allows the
browser to verify the signature when downloading the application.
Definitions
Web Client application certificate or Web application certificate: It is a certificate for
signing a Web application on the Server and for verifying the signature on the
client.
 Web site certificate: A certificate used by the Web site to prove it's identity and to
secure the communication between the Web Server (IIS) and the Web Client.
If the Web site certificates are not already installed on the computer where you are
about to launch the Web Client, then on accessing the HTTPs URL for a Web site/Web
application, the Certificate Error: Navigation Blocked page displays.
The Web site certificate needs to be valid on the client. Depending on the type of
certificate used for the web site, proceed as follows:
 In case of a self-signed certificate [➙ 12], you need to install the web site certificate
in the Trusted Root Certification Authorities and Trusted Publisher store of the
Windows Certificate store.
 In case of an SMC-created or commercial host certificate, typically its root
certificate is missing on the client and you need to install it in the Trusted Root
Certification Authorities store. Moreover, you need to install the host certificate
(that was used for signing the Web application) in the Trusted Publisher store of
the Windows Certificate store.

NOTICE
Self-signed certificates are supported to allow local deployments without the
overhead of obtaining commercial certificates. When using self-signed certificates,
the owner of the Desigo CC system is responsible for maintaining their validity status,
and for manually adding them to and removing them from the list of trusted
certificates.
Self-signed certificates must only be used in accordance with local IT regulations
(several CIO organizations do not allow them, and network scans will identify them).
Importing of commercial certificates follows the same procedures.
9
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
1
Web Site and Web Client Application Certificates
Launching the Web or Windows App Clients
1.1
Launching the Web or Windows App Clients
Launching Web/Windows App Clients Using Web Application HTTPs
URL
1. Browse the HTTPs URL for the Web application in the Internet Explorer browser IE
11. For more information, see section Browsing a Web Site/Application in the
System Management Console Manual (A6V10381671 ).
NOTE: If you accessed the Web page using the Web site URL instead of using the
URL of the Web application directly, then you must click one of the Web application
links available on the Web page to launch the Web/Windows App Clients.
 The Desigo CC Web page displays to launch Web/Windows App Clients. OR
 The Certificate Error:Navigation Blocked page displays. This error occurs with
self-signed certificates and SMC-created host certificates if they are not already
available in the respective Windows Certificate stores. Usually this error is not
observed with commercial certificates.
2. If the Certificate Error:Navigation Blocked page displays, do the following:
–
Install the Web site certificate [➙ 12].
–
Refresh the Web application HTTPs URL in the IE 11 browser or re-launch the
Web application
 The Desigo CC Web page with thumbnails for Web and Windows App Clients
displays.
3. Install the Web Application Certificate [➙ 15] for verifying the signature when
downloading the application in the appropriate Windows certificate store [➙ 17].
NOTE 1:
Run the Web/Windows App Clients with Windows Internet Explorer 11.
Microsoft recommends upgrading and staying up-to-date on the latest Internet
Explorer browser version. Beginning January 2016, only the most current version of
Internet Explorer available for a supported operating system will receive technical
support and security updates.
NOTE 2:
In case host certificates created with SMC are used for the Web site / Web
application, it is recommended to add the Web site/Web application URL to the
Trusted sites zone from Tools > Internet Options > Security to avoid failing certificate
revocation checks.
10
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Web Site and Web Client Application Certificates
Launching the Web or Windows App Clients
1
Technical Tips




If you change the Web application certificate using SMC, then you must reinstall
the updated certificate on the clients.
If you are unable to access the Web/Windows App Client, see section
Troubleshooting in SMC in the System Management Console Manual
(A6V10381671 ).
If host certificates created with SMC are used for signing the web application and
the internet browser is configured to check the publisher's certificate revocation,
you might get the Security Warning message even after installing the certificate. In
this case you can either add the web site to the Trusted Sites zone to resolve the
issue or ignore the warning and click Run (for Web Client) or Install (for Windows
App Client).
For more information on how to launch the Web or Windows App Client see
Getting Started (A6V10380492 ).
11
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
2
Installing the Web Site Certificate
2 Installing the Web Site Certificate
 You have created a Web site/Web application using SMC and the URLs
(HTTP/HTTPs) are available. For more information, see the System Management
Console Manual (A6V10381671 ).
 You have not installed the certificate used in the Web site.
1. Browse the Web site/Web application HTTPs URL in the Windows Internet
Explorer 11 browser.
 The Certificate Error: Navigation Blocked page displays due to untrusted
certificate.
2.
Click Continue to this website (not recommended).
 In the Desigo CC Web page address bar, a security report Certificate Error,
displays.
3. Click Certificate Error to open a menu that contains a hyperlink to View certificates.
12
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Web Site Certificate
2
4. Click View Certificates.
 The Certificate dialog box that displays.
5. In the Certificate dialog box, click Install Certificate.
NOTE: If you have used a host/self-signed certificate during Web site creation,
then on clicking Install Certificate, the same Web site host certificate displays and
you proceed with installing it in the TRCA store. However, note that in case of a
host certificate to work with Web/Windows App Clients, you need the root of the
host certificate used during Web site creation in the TRCA store. Ensure that it is
imported in TRCA.
13
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
2
Installing the Web Site Certificate
6. Depending on the type of certificate used, proceed with importing the certificate as
follows:
–
If the certificate you used while creating a Web site is a self-signed certificate,
then you need to install it in the Trusted Root Certification Authorities [➙ 18]
store.
–
If the certificate you used while creating a Web site is a host certificate, then
you need to install the root certificate of the host in the Trusted Root
Certification Authorities [➙ 18] store.
If the Certificate Error: Navigation Blocked page displays even after installing the Web
site certificate then check if the Subject Alternative Name (SAN) property for the
selected certificate contains the host name provided at the creation of the Web site.
For example, if the Web site Host name field contains the full computer name,
ABCXY022PC.dom01.company.net, then the certificate provided in the Certificate
issued to field must contain the full computer name
ABCXY022PC.dom01.company.net as one of its name in the SAN.
14
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Web Application Certificate
3
3 Installing the Web Application Certificate
 You have created a Web application using SMC and the HTTP/HTTPs URLs
display. For more information, see the System Management Console Manual
(A6V10381671 ).
 The Desigo CC Web page is open in the Windows Internet Explorer browser, and
the Desigo CC tab contents are displayed.
1. Do one of the following:
–
In the Desigo CC Web page, click the Click Here link on the Desigo CC page
for a Web application.
–
In the Desigo CC Web page, click the Support tab; then select the Web Client
Application Certificate link.
2. In the File download – Security Warning dialog box, click Open.
3. In the Certificate dialog box, click Install Certificate.
15
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
3
Installing the Web Application Certificate
4. Depending on the type of certificate used, proceed with importing the certificate as
follows:
–
If the certificate you used while creating a Web application is a self-signed
certificate, then you need to install it in the Trusted Root Certification
Authorities [➙ 18] and Trusted Publisher [➙ 22] Windows certificate store.
–
If the certificate you used while creating a Web application is a host certificate,
then you need to install it in the Trusted Publisher [➙ 22] Windows Certificate
store. You also need to install the root certificate of the host in the Trusted Root
Certification Authorities [➙ 18] store.
NOTE: If host certificates created with SMC are used for signing the web
application and the Internet browser is configured to check the publisher's
certificate revocation, you might get the Security Warning message even after
installing the certificate. In this case you can either add the web site to the
Trusted Sites zone to resolve the issue or ignore the warning and click Run (for
Web Client) or Install (for Windows App Client).
16
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Certificate in the Windows Certificate Store
Launching the Web or Windows App Clients
4
4 Installing the Certificate in the Windows
Certificate Store
On the machine where you are launching the Web/Windows App Client, you must
install the certificates, the default self-signed or commercial (host and its root), in the
appropriate store location in the Windows Certificate store as described in the following
table.
Certificate
Used for
Certificate Type
Install in the Windows
Certificate Store
Remarks
Web site
Self-signed
Trusted Root
Certification Authorities
You must import the self signed
certificate in the Trusted Root
Certification Authorities Windows
Certificate store.
Host
Web
Application
The host certificate is installed in
TRCA. However, to work with
Web/Windows App Clients you must
ensure the following:
 If the host certificate was
created with SMC, you must
import the root certificate of the
host certificate in the Trusted
Root Certification Authorities
Windows Certificate store.
 If the certificate is a commercial
certificate, then the Root
Certification Authority and the
Intermediate Certification
Authority certificates are most
often already available in the
corresponding Windows
Certificate stores.
Self-signed
Trusted Root
Certification Authorities
and Trusted Publisher
Host
Trusted Publisher
You must add the root certificate of
the host certificate in the Trusted
Root Certification Authorities
Windows Certificate Store.
If host certificates created with SMC
are used for signing the web
application and the Internet browser
is configured to check the
publisher's certificate revocation,
you might get the Security Warning
message even after installing the
certificate. In this case you can
either add the Web site to the
Trusted Sites zone to resolve the
issue or ignore the warning and click
Run (for Web Client) or Install (for
Windows App Client).
17
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
4
Installing the Certificate in the Windows Certificate Store
Trusted Root Certification Authorities
4.1
Trusted Root Certification Authorities
 You want to install the certificates in the Trusted Root Certification Authorities
Windows Certificate store using the Certificate dialog box.
1. In the Certificate dialog box, click Install Certificate.
 The Certificate Import Wizard dialog box displays.
2. In the Certificate Import Wizard, click Next.
18
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Certificate in the Windows Certificate Store
Trusted Root Certification Authorities
4
3. Now, select the Place all certificates in the following store option, and browse to
and select Trusted Root Certification Authorities certificate store.
NOTE: On the Windows 8.1 operating system, while installing the certificates you
must select the Windows store, for example User Store, from where you want to
import the certificate.
4. Click Next.
19
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
4
Installing the Certificate in the Windows Certificate Store
Trusted Root Certification Authorities
5. Click Finish.
6. When the Security Warning message displays, click Yes to install the certificate.
20
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Certificate in the Windows Certificate Store
Trusted Root Certification Authorities
4
7. Click OK to acknowledge the successful import.
 In the Desigo CC Web page, select the Desigo CC tab; then click the Web Client
thumbnail to start the application in the Web browser.
21
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
4
Installing the Certificate in the Windows Certificate Store
Trusted Publisher
4.2
Trusted Publisher
 You want to install the certificates in the Trusted Publisher Windows Certificate
store using the Certificate dialog box.
1. In the Certificate dialog box, click Install Certificate.
 The Certificate Import Wizard dialog box displays.
2. In the Certificate Import Wizard, click Next.
22
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Certificate in the Windows Certificate Store
Trusted Publisher
4
3. Now, select the Place all certificates in the following store option, and browse to
and select Trusted Publisher Certificate store.
NOTE: On the Windows 8.1 operating system, while installing the certificates, you
must select the Windows store, for example User Store, from where you want to
import the certificate.
4. Click Next.
23
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
4
Installing the Certificate in the Windows Certificate Store
Trusted Publisher
5. Click Finish.
6. Click OK to close the Certificate dialog box after the successful import.
24
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Installing the Certificate in the Windows Certificate Store
Trusted Publisher
4
 In the Desigo CC Web page, select the Desigo CC tab; then click the Web Client
thumbnail to start the application in the Web browser.
25
Siemens Industry, Inc.
Building Technologies
Web Client Application Certificate
A6V10380509_en_a_21
2015-06-23
Issued by
Siemens Industry, Inc.
Building Technologies Division
1000 Deerfield Pkwy
Buffalo Grove IL 60089
Tel. +1 847-215-1000
Document ID
A6V10380509_en_a_21
Edition
2015-06-23
© Siemens Industry, Inc., 2015
Technical specifications and availability subject to change without notice.