Certificate Management

  1. In FactoryTalk Administration Console, right-click an OPC UA Connector, and then select Properties.
  2. In , select Certificate Management.
Use Certificate Management to view and manage FactoryTalk Linx OPC UA Connector and OPC UA Server security certificates.
When an OPC UA Connector begins communication with an OPC UA Server, the OPC UA Connector provides the OPC UA Server with its security certificate. The OPC UA Server accepts or rejects the certificate to authorize or deny communication to the OPC UA Connector. Security certificates may be required for some OPC UA Servers.
FactoryTalk Services Platform creates a default, self-signed security certificate during installation. The certificate is stored at C:\ProgramData\Rockwell\OpcUaConnector\RnaUaClientDataProvider\PKI\own\ on the computer hosting FactoryTalk Linx OPC UA Connector.
If a security certificate signed by a trusted security authority is required, replace the default security certificate with the required certificate. A custom security certificate must have the same name and file path as the default security certificate.
FactoryTalk Linx OPC UA Connector version 6.20.00 or later supports creating a Certificate Signing Request (CSR) to obtain a new certificate from an external signing authority.

Certificate Properties

General
Property | Description
Name | Displays the name of the security certificate.
Status | Displays the certificate status, either Trusted or Rejected.

Certificate
Property | Description
Location | Displays the path to the security certificate on the FactoryTalk Linx OPC UA Connector computer.
Application Name | Displays the application that presents the certificate.
Organization | Displays the organization name that was submitted to the CA when requesting the certificate.
Application URI | Displays the FactoryTalk Linx OPC UA Connector application URI associated with the security certificate.
Domain | Displays the workstation name.
Subject Name | Displays the subject properties on the certificate. For example, Common Name (CN).
Valid From | Displays the date and time from which the security certificate is valid.
Expiration Time | Displays the date and time when the security certificate expires.
Thumbprint | A short sequence of bytes, created by applying a cryptographic hash function to the certificate, that identifies the certificate.
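
The fields listed above can also be read straight from the certificate files on disk, which helps when checking for a leftover default self-signed certificate or an approaching expiry. The following is an added example, not Rockwell code: the folder is the one documented on this page, while the file-extension list, the 30-day warning window and the function name Get-CertificateReport are assumptions made for the example.

```powershell
# Added example: report on certificate files in the connector's "own" PKI folder.
# Path is the one documented on this page; extensions and warning window are assumptions.
$PkiOwn   = 'C:\ProgramData\Rockwell\OpcUaConnector\RnaUaClientDataProvider\PKI\own\'
$CertExts = '.der', '.cer', '.crt', '.pem'

function Get-CertificateReport {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Extensions = @('.der', '.cer', '.crt', '.pem'),
        [int]      $WarnDays   = 30
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_   # keep the file object; $_ is replaced inside catch
            try {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
            } catch {
                Write-Warning "Not a readable X.509 certificate: $($file.FullName)"
                return   # skip this file, continue with the next one
            }
            # Subject Alternative Name (OID 2.5.29.17) holds the application URI and host names.
            $san      = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            $flag     = if ($daysLeft -lt 0) { 'EXPIRED' }
                        elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
                        else { 'OK' }
            [pscustomobject]@{
                File        = $file.FullName
                SubjectName = $cert.Subject
                Issuer      = $cert.Issuer
                # Name comparison only; this does not verify the signature.
                SelfSigned  = ($cert.Subject -eq $cert.Issuer)
                ValidFrom   = $cert.NotBefore
                Expires     = $cert.NotAfter
                DaysLeft    = $daysLeft
                ExpiryFlag  = $flag
                Thumbprint  = $cert.Thumbprint   # SHA-1 hash of the DER-encoded certificate
                AltNames    = if ($san) { $san.Format($false) } else { '' }
            }
        }
}

Get-CertificateReport -Path $PkiOwn -Extensions $CertExts -WarnDays 30 | Format-List
```

A row with SelfSigned set to True after a CA-signed certificate was supposed to be installed indicates the default certificate is still in place.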

Incoming Certificate

Trusted Certificates
Button | Description
Import | Specifies and imports the certificate to be used as an incoming certificate.
Reject | Moves the specific certificates from the Trusted Certificates list to the Rejected Certificates list. The servers cannot communicate with FactoryTalk Linx OPC UA Connector.
Remove | Removes the specific certificates from the Trusted Certificates list. The servers cannot communicate with FactoryTalk Linx OPC UA Connector.

Rejected Certificates
Button | Description
Trust | Adds the specific certificate to the Trusted Certificates list. The server can communicate with FactoryTalk Linx OPC UA Connector.
Remove | Removes the specific certificates from the Rejected Certificates list. The servers cannot communicate with FactoryTalk Linx OPC UA Connector.

Outgoing Certificate

Button | Description
Create CSR | Creates a certificate signing request and saves the request as a CSR file.
Import | Specifies and imports the certificate to be used as an outgoing certificate.
Regenerate | Creates another certificate to renew the validity period.

Others

Button | Description
Refresh | Refreshes the display to show the latest certificates.
Manage Access | Limits access to security certificate management operations to administrators or individuals approved by an administrator. This function is available only to an Administrator.

If you are an Administrator and in the Administrator group, but the Manage Access option is still not available, do the following:
  1. In Run, enter gpedit.msc, and then select OK.
  2. In Local Group Policy Editor, select Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
  3. Double-click User Account Control: Run all administrators in Admin Approval Mode.
  4. Select Disabled.