Using the Hardware Loader, a generated loadable containing the TLS certificate can be transferred to the PLC.
As seen in the sample command below, the same PLC master secret which was specified when setting up protection of configuration data is passed as parameter via "--master-password" option.
Background: The configured PLC master secret is used in the SIMATIC AX Hardware Engineering tools to generate key information to protect confidential configuration data. However, for security reasons, neither the password nor the key information is stored in the project. In order for the key information to reach the PLC, the password must be re-entered at this point.
Note
Please not that the command line parameters for hwld are slightly different between versions 2 and 3.
If you're using version 3 of Hardware Loader, you will need to specify the "load" subcommand.
# hwld 2.x
apax hwld --target "192.168.0.6" -i "bin/hwcOutput/PLC_6" --accept-security-disclaimer --master-password ""
# hwld 3.x
apax hwld load --target "192.168.0.6" -i "bin/hwcOutput/PLC_6" --accept-security-disclaimer --master-password ""
Note
It is strongly recommended that the passwords, which are used in the commands mentioned above, are managed in a password manager.