OPC-UA Certificates
  • 19 Sep 2024

OPC-UA was built with a focus on security using X.509 certificates. The X.509 certificate used for OPC-UA authentication in Koios is a self-signed certificate that is generated during installation and expires after ten (10) years. To view, update, or download the certificate, navigate to Protocols > OPC-UA > Certificates. From there, select the ellipsis to view the possible actions.

Update Certificate

This regenerates and saves the X.509 certificate with a new expiration date.

Download Certificate

This will download the certificate as a .der file.

Download Private Key

This will download the private key as a .pem file.

Working with OPC-UA certificates and security

There are multiple ways of dealing with self-signed certificates. Currently, Koios is designed to work with the accepted OPC-UA Automatic Certificate Management service provided by most OPC-UA server products. For the certificate to be automatically discovered by the server, you must:

  1. Create a device using OPC-UA.

  2. Test the connection. The server should receive the certificate upon testing.

  3. Once you Accept/Trust the certificate in the server software, run the test again and the connection should succeed.

Certificate Expirations

When a certificate expires, secure communication is still possible: the OPC-UA server will continue to process messages and requests from the client unless it is set up to reject expired certificates. A red 'X' will be displayed and an error message will be registered in Koios to warn an engineering user that the certificate is expired and should be renewed.
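
Because a server that does not reject expired certificates gives no sign of the expiry on its side, the downloaded .der file can also be checked outside Koios. The following is an added example, not part of the Koios product or its documentation: a standard-library Python check that reads the expiry date from a DER certificate, compares issuer and subject, and computes the SHA-1 thumbprint that OPC-UA tooling commonly shows for a certificate, so it can be compared with the entry being accepted in the server. The function names, the `koios-sample` name and the sample dates are assumptions, and the sample is a constructed, unsigned skeleton rather than a real certificate.

```python
import hashlib
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) in the RFC 5280 'Z' form."""
    text = raw.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 means 19xx, 00-49 means 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_certificate(der, now):
    """Thumbprint, expiry and issuer == subject for one DER X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                 # optional [0] version
        pos = end
    spans = []                      # serial, signature alg, issuer, validity, subject
    for _ in range(5):
        _, start, end = read_tlv(der, pos)
        spans.append((pos, start, end))
        pos = end
    _, _, not_before_end = read_tlv(der, spans[3][1])  # validity = notBefore, notAfter
    tag, start, end = read_tlv(der, not_before_end)
    not_after = parse_time(tag, der[start:end])
    # Name comparison only: this does not verify the signature.
    issuer, subject = (der[spans[i][0]:spans[i][2]] for i in (2, 4))
    return {"thumbprint": hashlib.sha1(der).hexdigest().upper(),  # SHA-1 of the DER bytes
            "not_after": not_after, "days_left": (not_after - now).days,
            "expired": now >= not_after, "self_issued": issuer == subject}

def tlv(tag, body):  # minimal DER encoder, used only to build the sample below
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def build_sample(not_after="340919000000Z"):  # constructed skeleton, placeholder key/signature
    alg = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
    name = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"koios-sample"))))
    validity = tlv(0x30, tlv(0x17, b"240919000000Z") + tlv(0x17, not_after.encode()))
    tbs = tlv(0x30, bytes.fromhex("a003020102020101") + alg + name + validity + name
              + tlv(0x30, alg + tlv(0x03, b"\x00")))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))
```

For a real check, pass the bytes of the downloaded .der file and `datetime.now(timezone.utc)` to `inspect_certificate`.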