
AVEVA™ Production Management Web Client

IT certificate requirements

  • Last Updated Dec 08, 2023

Certificates must be configured to enable communication through encrypted channels such as HTTPS.

Certificates Storage Requirements

| Certificate | Store | Private Key access permissions |
|---|---|---|
| root certificate | Local Computer Trusted Root Certification Authorities store | |
| intermediate certificate | Local Computer Intermediate Certification Authorities store | |
| SSL certificate | Local Computer Personal store | ArchestrAWebHosting user group read access is required. |

Note: Enable the "Mark this key as exportable." option if you're importing the SSL certificate through the Certificate Import Wizard.

SSL Certificates Requirements

| Field | Value | Comment |
|---|---|---|
| Key Usage | Digital Signature, Key Encipherment, Data Encipherment (b0) | Required |
| Enhanced Key Usage | Server Authentication (1.3.6.1.5.5.7.3.1) | Required |
| Subject Alternative Name | DNS Name=localhost | Required when the client is accessing your web applications via localhost. |
| | DNS Name=[machine name] | Required. For example: DNS Name=mymachineName |
| | DNS Name=[public origin] | Only required when the Management Server Public Origin feature is enabled. For example: DNS Name=mypublicorigin.mydomain.com |
| | DNS Name=[fully qualified domain name] | Required when the wildcard domain is not used. PCS Framework uses the FQDN as the endpoint identity to authenticate the PCS web service. This item must be the last entry in the SAN list due to a known Microsoft .NET Framework issue. For example: DNS Name=mymachine.mydomain.com |
| | DNS Name=[wildcard domain name] | Only required when IT plans to deploy the Management Server on any machine in the domain. For example: DNS Name=*.mydomain.com |
| Friendly Name | A friendly display name | Required. Configurator displays the friendly name in the certificate drop-down list. For example: IT Binding Certificate |

  • RSA (2048-bits) - key pair algorithm

  • SHA256RSA - signature algorithm

  • SHA256 - signature hash algorithm

    Important: Grant the ArchestrAWebHosting user group read access to the certificate's private key. If ArchestrAWebHosting has no access to the private key, clients may not be able to connect to the services (such as IData), and errors with connection closed, connectionId = 00000000-00000000-00000000 are logged. For detailed steps, see Set permissions on the SSL certificate.
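
The requirements above can be checked against an installed certificate with a script such as the following. This is an added example, not AVEVA's own tooling. The parameter names, the English-language "DNS Name=" formatting of the SAN extension, and the software key-store directories under %ProgramData% are assumptions.

```powershell
# Added example, not AVEVA code. Run elevated on the server that holds the certificate.
using namespace System.Security.Cryptography.X509Certificates
param([Parameter(Mandatory)][string]$Thumbprint,   # certificate to audit (operator-supplied)
      [Parameter(Mandatory)][string]$Fqdn)         # e.g. mymachine.mydomain.com

$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop   # Local Computer Personal store
$findings = @()

# Key Usage: Digital Signature (0x80) + Key Encipherment (0x20) + Data Encipherment (0x10) = 0xb0
$ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
if (-not $ku -or (([int]$ku.KeyUsages -band 0xB0) -ne 0xB0)) { $findings += 'Key Usage is missing a required flag' }

# Enhanced Key Usage: Server Authentication
$eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$ekuOids = @(if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } })
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.1') { $findings += 'EKU lacks Server Authentication' }

# Subject Alternative Name (OID 2.5.29.17): DNS entries in certificate order
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$dns = @(if ($san) { [regex]::Matches($san.Format($true), 'DNS Name=(\S+)') | ForEach-Object { $_.Groups[1].Value } })
$hasWildcard = [bool]($dns | Where-Object { $_.StartsWith('*.') })
if ($dns -notcontains $env:COMPUTERNAME) { $findings += 'SAN lacks the machine name' }
if (-not $hasWildcard -and $dns -notcontains $Fqdn) { $findings += 'SAN has neither the FQDN nor a wildcard entry' }
if ($dns -contains $Fqdn -and $dns[-1] -ne $Fqdn) { $findings += 'FQDN is not the last SAN entry' }

# RSA 2048 key pair, sha256RSA signature, non-empty friendly name
$pub = [RSACertificateExtensions]::GetRSAPublicKey($cert)
if (-not $pub -or $pub.KeySize -ne 2048) { $findings += 'Key pair is not RSA 2048' }
if ($cert.SignatureAlgorithm.Value -ne '1.2.840.113549.1.1.11') { $findings += 'Signature algorithm is not sha256RSA' }
if (-not $cert.FriendlyName) { $findings += 'Friendly Name is empty' }

# Private key ACL: locate the key file (assumed software-backed) and look for an Allow/Read entry
$key  = if ($cert.HasPrivateKey) { [RSACertificateExtensions]::GetRSAPrivateKey($cert) }
$name = if ($key -is [System.Security.Cryptography.RSACng]) { $key.Key.UniqueName }
        elseif ($key) { $key.CspKeyContainerInfo.UniqueKeyContainerName }
$dirs = "$env:ProgramData\Microsoft\Crypto\Keys", "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$file = if ($name) { Get-ChildItem $dirs -Filter $name -Force -ErrorAction SilentlyContinue | Select-Object -First 1 }
$read = [int][System.Security.AccessControl.FileSystemRights]::Read
$granted = $file -and ((Get-Acl $file.FullName).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like '*\ArchestrAWebHosting' -and
    (([int]$_.FileSystemRights -band $read) -eq $read) })
if (-not $granted) { $findings += 'ArchestrAWebHosting read access to the private key could not be confirmed' }

if ($findings) { $findings | ForEach-Object { "FAIL: $_" } } else { 'All checked requirements are met' }
```

The ACL check reports a failure for keys held in a hardware or other non-file provider, because no key file is found; verify those permissions through the provider's own tooling.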
