Signed PDF files
Reports generated in PDF format using the PrintGraphicReport macro can be signed using the x.509 certificate included inside the HMI device. The signature makes sure that nobody tampered with the content of the document since it was signed.
See also:
- The PrintGraficReport parameters ("PrintGraphicReport")
- How to provide an x.509 Certificate to Linux devices ("x.509 Certificate")
When you open the file, the PDF reader tries to decide if the signature is valid then it looks at the certificate used to sign the document.
x.509 certificate signed from a Certificate Authority
If you have uploaded to the operator panel a valid x.509 certificate, signed by a Certification Authority, when you open the generated PDF file you will get a message that highlights the document is valid.
If the document has been modified, it will be highlighted with a different message.
Certificate Trust and Authenticity
Trust of signed certificates depends on the issuer of the certificate. The PDF reader will trust a certificate if you have told it to trust the issuer of that particular certificate. By default the Adobe Reader only trust certificates issued by Adobe or one of their partners. This means that it will show a warning if the certificate wasn't issued by one of these authorities. Microsoft Windows also uses certificates for validating software vendors and content providers. You can configure your Adobe Reader to trust these issuers in addition to the Adobe partners.
Check inside the preferences of the PDF reader if you want to enable the PDF reader to use even the Microsoft Windows certificates
x.509 self signed certificate
A self-signed certificate is a certificate that is not signed by a certificate authority (CA).
This means that PDF Reader can confirm the file is signed and not tampered, but cannot confirm the signature (alias the certificate) is authentic. Is the user have to take care to verify the certificate is authentic (for example, making sure that the document was actually produced by the panel) and confirm to the PDF reader that the certificate included in the document is valid and that can be considerate valid even for the next reports.
Steps to manual confirm that the certificate is authentic:
Now, if you close and reopen the PDF document you will get the valid signature. Moreover, even all other documents produced from the same HMI device will be shown with the correct signature because the information that the certificate is authentic has been stored inside settings of the PDF Reader.
On Linux devices, the BSP v1.0.507 or greater is required