When connecting to a PLC over TLS, the user can provide a certificate (--certificate) that will be checked against the PLC's certificate. If no certificate parameter is provided or the certificates do not match, a prompt will appear that allows the user to accept or decline the PLC certificate for secure communication manually. This prompt will need user input and can interrupt automatic workflows and pipelines. For use cases, see the following sections Non-interactive mode and Automate workflow with Certificate Management Tool.
When using self-signed certificates, there will be no check of whether the IP address of the PLC matches the Subject Alternative Name of the certificate.
For information about setting up secure communication, see certificate handling.