OPC UA Certificates


OPC UA can be used in a secure and encrypted mode. This usually requires certificates.


A certificate is a technical passport. Each station has a certificate.

An OPC UA secure connection needs the certificates of both partners.


The following certificates exist:

Own certificate. It is used when other stations in the network access this station.
Own client certificate. It is used in active client connections to other stations.
Trusted certificates. This is the list of certificates which will be trusted.
Non trusted certificates. This list contains valid certificates which are not trusted.
Revoked certificates. This list contains certificates which the issuer has revoked, even though they would otherwise still pass the validity checks.


Each certificate has an issuer, a time period in which it is valid, and further details such as the purposes it may be used for and the type of signature.


Before trusting a certificate, contact the issuer and check whether you can trust them. This decision can be tricky if the issuer is not well known to you. Possibly you can check the issuer's environment and ask whether other people trust them.


Move all certificates you trust into the list of trusted certificates.


If you learn that a certificate has been revoked - this can be by a phone call or an email - move the certificate to the list of revoked certificates.


By default only certificates from the "Trusted certificates" list are trusted. For starting up a plant the setting can be changed to "Accept non trusted certificates" in the general system settings.
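The trust decision described by the certificate lists and the setting above, as an added Python model that is not part of this page or of the product: the CertificateStore, the thumbprint identifiers and the sample certificates are constructed, and it assumes that "Accept non trusted certificates" admits every certificate that is inside its validity period and not revoked.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"
    REJECT_REVOKED = "reject: revoked by the issuer"
    REJECT_PERIOD = "reject: outside the validity period"
    REJECT_NOT_TRUSTED = "reject: not in the trusted certificates"

@dataclass(frozen=True)
class Certificate:
    thumbprint: str  # constructed id standing in for the real certificate hash
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass
class CertificateStore:
    trusted: set = field(default_factory=set)
    non_trusted: set = field(default_factory=set)
    revoked: set = field(default_factory=set)
    accept_non_trusted: bool = False  # the "Accept non trusted certificates" setting

    def move_to_trusted(self, cert):  # operator checked the issuer and trusts it
        self.non_trusted.discard(cert.thumbprint)
        self.trusted.add(cert.thumbprint)
    def move_to_revoked(self, cert):  # issuer reported a revocation (phone, e-mail)
        self.trusted.discard(cert.thumbprint)
        self.non_trusted.discard(cert.thumbprint)
        self.revoked.add(cert.thumbprint)

def check_peer_certificate(cert, store, now):
    # Revocation first: a revoked certificate may still be inside its validity period.
    if cert.thumbprint in store.revoked:
        return Decision.REJECT_REVOKED
    if not (cert.not_before <= now <= cert.not_after):
        return Decision.REJECT_PERIOD
    if cert.thumbprint in store.trusted:
        return Decision.ACCEPT
    if store.accept_non_trusted:  # start-up mode; assumed to accept any non-revoked cert
        return Decision.ACCEPT
    return Decision.REJECT_NOT_TRUSTED

# Constructed sample data for a stand-alone run
def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)
NOW = _utc(2024, 6, 1)
PLC_CERT = Certificate("aa11", "Plant CA", _utc(2024, 1, 1), _utc(2025, 1, 1))
EXPIRED_CERT = Certificate("bb22", "Plant CA", _utc(2020, 1, 1), _utc(2021, 1, 1))
```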


The management of certificates needs accuracy. Look for descriptions of how certificates are managed securely; this is no simple job. In big environments it may be easier to create a chain of trusted certificates; ask your IT department for this. There are several service providers on the market that do this for you. In this case you need to trust the service partner.