Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Manufacturing Execution System 2023 R2

Make the Root SSL certificate available to MES Web Portal users

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Make the Root SSL certificate available to MES Web Portal users

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 18, 2024
  • 3 minute read

A Root SSL certificate is a certificate issued by a trusted certificate authority (CA). By default, the Windows Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program.

The System Management Server has a private CA that can be used to issue self-signed certificates for use by HTTPS connections to nodes in the System Platform network topology. The root certificate for this private CA is installed in the Trusted Root Certification Authorities certificate store. The root certificate name for a self-signed certificate that was issued by the System Management Server includes the host name of the node on which the AVEVA Identity Manager is running followed by ASB Root CA (e.g., MESTP ASB Root CA).

If the Identity Manager and MES Web Portal are installed on different nodes, the root certificate file for the certificate that was assigned to MES Web Portal must be installed in Windows on client machines of Web Portal users. This enables the client machines to trust and allow the HTTPS connection to MES Web Portal. You have to provide the root certificate file to those users. Instructions for exporting the root certificate to a file are provided below. The MES Web Portal User Guide and help include instructions for how to install the Root certificate file in Windows on a client machine.

Export the root certificate to a file

  1. On the node on which the Identity Manager is running, open Microsoft Management Console (open the Run application and type mmc).

    A console window appears.

  2. On the File menu, click Add/Remove Snap-in.

  3. On the Add or Remove Snap-ins dialog, select Certificates and click Add >.

  4. On the Certificates snap-in dialog, leave the default selection and click Finish.

  5. On the Add or Remove Snap-ins dialog, click OK.

  6. In the console window navigation panel, expand Certificates, expand Trusted Root Certification Authorities, and select Certificates.

    The trusted root certificate CAs are listed.

  7. Locate the root certificate CA for the certificate that was assigned to MES Web Portal.

    The CA selected in the figure below is an example of a private CA used by System Management Server.

    Windows MMC panel showing a list of trusted root CA certificates with the MES Web Portal certificate selected.

  8. Right-click the root certificate CA, click All Tasks, and then click Export.

    The Certificate Export Wizard appears.

    Certificate Export Wizard welcome screen.

  9. Click Next.

    Certificate Export Wizard screen specifying do not export private key.

  10. Leave the default No, do not export the private key option selected and click Next.

    Certificate Export Wizard screen specifying the DER encored binary file export format.

  11. Leave the default DER encoded binary file format option selected and click Next.

    Certificate Export Wizard screen specifying export path and file name for the export.

  12. Enter a file path and file name for the certificate file, then click Next.

    Certificate Export Wizard screen confirming export completion.

  13. Review the file settings and click Finish.

TitleResults for “How to create a CRG?”Also Available in