Trust the certificate between the OPC UA server and OPC UA client
- Last Updated: Jun 25, 2024
In this release of the OPC UA Server service, trust between the OPC UA Server and the OPC UA client must be created manually. The Test operation causes the Gateway Communication Driver to submit its own certificate to the OPC UA Server node so it can be trusted. The following steps show how to then trust the client certificate from the OPC UA Server node. If you are not using Gateway Communication Driver, follow the procedures listed in Configure server and client certificates for third-party OPC UA client applications.
- Access the folder C:\ProgramData\AVEVA\PCS\OPC UA Rejected Client Certificates.
  This is the default location where the certificate from the client is initially placed when the client attempts to connect to the OPC UA Server.
  Note: The ProgramData folder is hidden by default. You may need to enable the hidden items option in Windows Explorer in order to view it.
- Right-click the certificate name, for example, OIGatewayOPC UA@OPCUA client node{long hex ID}.der.
- Select Install Certificate from the context menu. This opens the Certificate Import Wizard.
- Select Local Machine for the Store Location, then select Next.
- From the Select Certificate Store list, select Trusted People as the certificate store. This is the only choice that will work with the OPC UA certificate.
- Close the wizard to complete installation.
- Finally, delete the certificate from the OPC UA Rejected Client Certificates folder, since the certificate is now installed.
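
The same steps can be carried out from an elevated PowerShell session on the OPC UA Server node. The script below is an added example, not AVEVA-supplied code; it uses the folder and store named above, and its -ExpectedThumbprint parameter (a thumbprint the operator reads from the certificate on the client node) is an assumption of this example, added so that only the intended client certificate is moved from the rejected folder into the Trusted People store.

```powershell
# Added example (not AVEVA code). Run elevated on the OPC UA Server node.
param(
    # Assumption: thumbprint read from the certificate on the client node itself.
    [Parameter(Mandatory)] [string] $ExpectedThumbprint
)

$rejected = 'C:\ProgramData\AVEVA\PCS\OPC UA Rejected Client Certificates'
$store    = 'Cert:\LocalMachine\TrustedPeople'   # Local Machine > Trusted People
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

foreach ($file in Get-ChildItem -LiteralPath $rejected -Filter '*.der' -File) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)

    # Show what is about to be trusted so the operator can review it.
    [pscustomobject]@{
        File       = $file.Name
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
    } | Format-List

    if ($cert.Thumbprint -ne $expected) {
        Write-Warning "Skipping $($file.Name): thumbprint does not match the expected client certificate."
        continue
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Skipping $($file.Name): certificate is outside its validity period."
        continue
    }

    # Same result as the Certificate Import Wizard steps above.
    Import-Certificate -FilePath $file.FullName -CertStoreLocation $store | Out-Null

    # Delete the file only after confirming the certificate is in the store.
    if (Test-Path -LiteralPath (Join-Path $store $cert.Thumbprint)) {
        Remove-Item -LiteralPath $file.FullName
        Write-Host "Trusted $($cert.Subject) and removed $($file.Name)."
    }
}
```

Any .der files that do not match the supplied thumbprint are left in the rejected folder for review.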