Certificate Management

How do I open Certificate Management?
  1. From the
    Start
    menu, select
    Rockwell Software
    >
    FactoryTalk Linx Gateway
     Configuration
    .
  2. Under
    OPC UA Sever
    , select
    Certificate Management
    , and then select
    Incoming Certificate
     or
    Outgoing Certificate
    .
Use
Certificate Management
 to view
FactoryTalk Linx Gateway
OPC
 UA server certificate information.
FactoryTalk Linx Gateway
 creates a default, self-signed security certificate during installation. The security certificate is stored at
C:\ProgramData\Rockwell\FactoryTalk Linx Gateway\PKI\own\cert_ftgw_opcua_server.der
 on the host computer for the
FactoryTalk Linx Gateway
 server. A custom security certificate can be created by generating a certificate signing request (CSR) in
FactoryTalk Linx Gateway
 and signed by an external trusted security authority and then imported to
FactoryTalk Linx Gateway
 to replace the default certificate.
Incoming Certificate
Button
Description
Refresh
Refreshes to display the latest certificates.
Manage Access
Limits access to security certificate management operations to administrators or individuals approved by an administrator. This function is only available to Administrator.
To add user or group:
  1. On
    Certificate Management
     tab, click
    Manage Access
    .
  2. In
    Manage Access
     dialog, click
    Add
    .
  3. In
    Select User or Group
     dialog, click
    Advanced
    >
    Find Now
    .
  4. In
    Search results
    , select the name of the user or group you want to add.
  5. Click
    OK
    .
    Tip: If you are Administrator and in the Administrator group but this option is still not available, do the following:
    1. Launch
      Run
      .
    2. Enter
      gpedit.msc
       and click
      OK
      .
    3. In
      Local Group Policy Editor
       dialog, select
      Computer Configuration
       >
      Windows Settings
       >
      Security Settings
       >
      Local Policies
       >
      Security Options
      .
    4. Double-click
      User Account Control: Run all administrators in Admin Approval Mode
      .
    5. Select
      Disabled
      .
Import
Specifies and import the certificate to be used as incoming certificate or outgoing certificate.
Reject
Moves the specific certificates from
Trusted Certificates
 list to
Rejected Certificates
 list. The client(s) cannot communicate with
FactoryTalk Linx Gateway
.
Remove
Removes the specific certificates from
Trusted Certificates
 list or
Rejected Certificates
 list. The clients cannot communicate with
FactoryTalk Linx Gateway
.
Trust
The specific certificate is added to
Trusted Certificates
 list and the client can communicate with
FactoryTalk Linx Gateway
.
Outgoing Certificate
Button
Description
Refresh
Refreshes to display the latest certificates. It is only available when enabling the certificate management by
FactoryTalk Policy Manager
.
Manage Access
Limits access to security certificate management operations to administrators or individuals approved by an administrator. This function is only available to Administrator.
To add user or group:
  1. On
    Certificate Management
     tab, click
    Manage Access
    .
  2. In
    Manage Access
     dialog, click
    Add
    .
  3. In
    Select User or Group
     dialog, click
    Advanced
    >
    Find Now
    .
  4. In
    Search results
    , select the name of the user or group you want to add.
  5. Click
    OK
    .
    Tip: If you are Administrator and in the Administrator group but this option is still not available, do the following:
    1. Launch
      Run
      .
    2. Enter
      gpedit.msc
       and click
      OK
      .
    3. In
      Local Group Policy Editor
       dialog, select
      Computer Configuration
       >
      Windows Settings
       >
      Security Settings
       >
      Local Policies
       >
      Security Options
      .
    4. Double-click
      User Account Control: Run all administrators in Admin Approval Mode
      .
    5. Select
      Disabled
      .
Create CSR
Creates a Certificate Signing Request (CSR) and save the request as a
CSR
 file.
Import
Specifies and import the certificate to be used as incoming certificate or outgoing certificate.
Regenerate
Creates another certificate to renew the valid period.
Certificate properties
Field
Description
Name
Displays the name of the security certificate.
Location
Displays the path to the security certificate on the
FactoryTalk Linx Gateway
 computer.
Application Name
Displays the application from where the certificate is presented.
Organization
Displays the organization name that submitted to CA when requesting the certificate.
Application URI
Displays the
FactoryTalk Linx Gateway
 application URI associated with the security certificate.
Domain
Displays the domain name.
Subject Name
Displays the subject properties on the certificate. For example, Common Name (CN).
Valid From
The date and time when the security certificate is valid.
Expiration Time
The date and time when the security certificate expires.
Thumbprint
A short sequence of bytes created by applying the cryptographic hash function to identify a certificate.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal