Secure the communication link with X509 certificates
- Last Updated Dec 25, 2024
To establish a secure communication link with an OPC UA server, every client, including the connector, must have an X.509 application-instance certificate deployed and configured. The client certificate identifies the client application and the machine it runs on to the server, and the server certificate identifies the server to the client; the secure channel is built on each side trusting the other's certificate.
PI Connector for OPC UA installs its own certificate and presents it to the server automatically at startup. If both sides accept each other's certificate, the secure channel is established and no further steps are needed. If the connection fails, one common cause is a rejected certificate: either the connector placed the server's certificate in its rejected store, or the server placed the connector's certificate in its rejected store. In either case the rejected certificate can be moved manually into the corresponding trust store. The following steps describe how to do this for a rejected server certificate and for a rejected client certificate.
As a user with Windows Administrator privileges:
- Open File Explorer on the connector node and navigate to %PIHOME64%\Connectors\OPCUA\pkiclient\rejected\certs.
- If the server certificate was rejected by the connector, it is in that folder. Move it to %PIHOME64%\Connectors\OPCUA\pkiclient\trusted\certs.
- If the connector's client certificate was rejected by the server, navigate to %PIHOME64%\Connectors\OPCUA\pkiclient\own\certs on the connector node, copy the client certificate (its file name contains the string "PI Connector for OPC UA"), and paste it into the OPC UA server's trust store.
Note: For the location and format of the OPC UA server's trust store, refer to the documentation of that OPC UA server.
Note: Moving a certificate from the rejected folder to the trusted folder tells the connector to accept any endpoint that holds the matching private key. Before doing so, confirm that the certificate really belongs to the intended server: compare its thumbprint and subject with values obtained from the server's administrator through a channel other than the connection you are about to trust. A certificate is not trustworthy merely because it appeared in the rejected folder.
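The steps above can be scripted so that the verification in the note is enforced rather than left to the operator. The following PowerShell is an added example written for this page; it is not part of the PI Connector for OPC UA product or its documentation. It assumes the default PKI folder layout under %PIHOME64%\Connectors\OPCUA\pkiclient described above, that the expected thumbprint is supplied by the server administrator out of band, and that the server trust store path (server-specific, see the server's documentation) is passed in by the caller. Run it from an elevated PowerShell prompt on the connector node.

```powershell
# Added example for this page, not code from the PI Connector for OPC UA product.
# Assumes the connector's default PKI layout under %PIHOME64%\Connectors\OPCUA\pkiclient.
$PkiRoot = Join-Path $env:PIHOME64 'Connectors\OPCUA\pkiclient'

function Get-RejectedCertificateInfo {
    # Lists every certificate in the rejected folder with the fields needed to
    # confirm its identity with the server administrator before trusting it.
    $rejected = Join-Path $PkiRoot 'rejected\certs'
    Get-ChildItem -Path $rejected -File | ForEach-Object {
        # X509Certificate2 reads both DER- and Base64 (PEM)-encoded certificate files.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
        [pscustomobject]@{
            File       = $_.Name
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint   # SHA-1 hex, upper-case, no separators
        }
    }
}

function Approve-RejectedServerCertificate {
    # Moves one rejected server certificate into the connector's trusted store, but
    # only if its thumbprint equals the value obtained out of band from the server
    # administrator. On a mismatch or an expired certificate nothing is moved.
    param([Parameter(Mandatory)][string]$ExpectedThumbprint)

    # Accept "AB:CD..." or "ab cd ..." forms; normalize to what .NET reports.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got '$ExpectedThumbprint'."
    }

    $rejected = Join-Path $PkiRoot 'rejected\certs'
    $trusted  = Join-Path $PkiRoot 'trusted\certs'
    foreach ($file in Get-ChildItem -Path $rejected -File) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
        if ($cert.Thumbprint -ne $expected) { continue }
        if ($cert.NotAfter -lt (Get-Date)) {
            Write-Warning "$($file.Name) matches the thumbprint but expired on $($cert.NotAfter); not trusting it."
            return
        }
        Move-Item -Path $file.FullName -Destination (Join-Path $trusted $file.Name)
        Write-Host "Trusted $($file.Name) (subject: $($cert.Subject), thumbprint: $expected)."
        return
    }
    Write-Warning "No rejected certificate has thumbprint $expected; nothing was moved."
}

function Copy-ConnectorCertificateToServer {
    # Copies the connector's own client certificate (file name contains
    # "PI Connector for OPC UA") to the server's trust store. $ServerTrustStore is a
    # server-specific path taken from the OPC UA server documentation (assumed here).
    param([Parameter(Mandatory)][string]$ServerTrustStore)

    $own  = Join-Path $PkiRoot 'own\certs'
    $cert = Get-ChildItem -Path $own -File -Filter '*PI Connector for OPC UA*' | Select-Object -First 1
    if (-not $cert) { throw "No connector certificate found in $own." }
    Copy-Item -Path $cert.FullName -Destination $ServerTrustStore
    Write-Host "Copied $($cert.Name) to $ServerTrustStore."
}

# Typical sequence (values are placeholders):
# Get-RejectedCertificateInfo | Format-List
# Approve-RejectedServerCertificate -ExpectedThumbprint '<thumbprint from the server administrator>'
# Copy-ConnectorCertificateToServer -ServerTrustStore '<trust store path from the server documentation>'
```

Listing the rejected certificates first and then approving by thumbprint, rather than moving whatever file is present, means an attacker who can reach the connector with a rogue server certificate only gets an entry in the rejected folder, never in the trusted one, unless the administrator explicitly confirms that exact certificate.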
The following tools can be used to manage OPC UA certificates:
- UA Configuration Tool, provided by the OPC Foundation, which simplifies OPC UA certificate management.
- Microsoft Management Console (MMC) with the Certificates snap-in. See also the Microsoft TechNet article Using the Certificates MMC Snap-in.
Note: It is recommended to use a certificate issued by a private or public certificate authority (CA) as the connector's OPC UA client certificate rather than a self-signed one, so that servers can validate it against a CA they already trust instead of relying on per-client manual trust decisions.