OPC-UA Certificates
- Updated on 19 Sep 2024
OPC-UA was built with a focus on security using X.509 certificates. The X.509 certificate used for OPC-UA authentication in Koios is a self-signed certificate with a ten (10) year expiration date that is generated during installation. To view, update, or download the certificate, navigate to Protocols > OPC-UA > Certificates. From here, select the ellipsis to view the possible actions.
Update Certificate
This regenerates and saves the X.509 certificate with a new expiration date.
Download Certificate
This will download the certificate as a .der file.
Download Private Key
This will download the private key as a .pem file.
Working with OPC-UA certificates and security
There are multiple ways of dealing with self-signed certificates. Currently, Koios is designed to work with the accepted OPC-UA Automatic Certificate Management service that most OPC-UA server providers include. In order for the certificate to be automatically discovered by the server, you must:
1. Create a device using OPC-UA.
2. Test the connection. The server should receive the certificate upon testing.
3. Once you Accept/Trust the certificate in the server software, run the test again and the connection should succeed.
Certificate Expirations
When a certificate expires, secure communication is still possible: the server will continue to process messages and requests from the client unless the OPC-UA server is set up to reject expired certificates. A red 'X' will be displayed, and an error message will be registered in Koios to warn an engineering user that the certificate is expired and should be renewed.
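
The following is an added example, not Koios code: a standard-library Python check that reads the expiry date and the issuer and subject names from a certificate downloaded as a .der file, so an upcoming expiration can be caught before a server starts rejecting it. The function names are this example's own, the sample certificate is a constructed skeleton with no real key or signature, and the check compares names only; it does not verify the signature.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def parse_time(tag, val):
    """UTCTime (0x17) or GeneralizedTime (0x18) to an aware datetime."""
    text = val.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit years 50-99 mean 19xx, 00-49 mean 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_status(der, now=None):
    """Report expiry and self-issued status for a DER-encoded certificate."""
    now = now or datetime.now(timezone.utc)
    tbs = children(children(read_tlv(der, 0)[1])[0][1])  # tbsCertificate fields
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip optional [0] version
    issuer, validity, subject = tbs[2][1], children(tbs[3][1]), tbs[4][1]
    not_after = parse_time(*validity[1])
    return {"not_after": not_after, "expired": now > not_after,
            "days_left": (not_after - now).days,
            "self_issued": issuer == subject}  # names match; signature not checked

# Constructed sample, not a real Koios certificate: certificate layout with a
# ten-year validity period, an empty public key and an empty signature.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths suffice here

def sample_cert():
    alg = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
    cn = bytes.fromhex("0603550403") + tlv(0x0C, b"sample")  # commonName=sample
    name = tlv(0x30, tlv(0x31, tlv(0x30, cn)))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))
    version_serial = bytes.fromhex("a003020102020101")  # v3, serial 1
    tbs = tlv(0x30, version_serial + alg + name + validity + name + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

For a real download, pass the file's bytes, for example `cert_status(open("cert.der", "rb").read())`, where `cert.der` stands for wherever the downloaded file was saved.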