OPC UA Security
On the OPC UA security page you can manage OPC UA certificates for the client and server. Trusted certificates can be imported and quarantined certificates can be marked as trusted.
The OPC UA pages in located under the Gateway's Config section, under OPC UA:
Client and Server Tabs​
Both the Client and Server tabs allow you to view OPC UA security certificates. The Client tab contains certificates the gateway uses when acting as a OPC UA client, while the Server tab contains certificates the Gateway uses when acting as an OPC UA server. Both tabs have the same options in regards to managing certificates.
Upload a Trusted Certificate​
The steps for uploading trusted certificates are the same whether you're on the Client tab or the Server tab. To upload a trusted Certificate, do the following.
On the Gateway Webpage, select OPC UA > Security.
Click the Client tab or Server tab, depending on the what certificate you're uploading.
Click the Browse button.
Navigate to the location of of certificate on your system and click Open. (Alternatively, you can drag the certificate file onto the page where it says "Drag files here.")
If the upload was successful, you'll see the name of the certificate and the message "Upload Successful!" The certificate will appear in the Trusted Certificates list.
Download a Trusted Certificate​
To download a trusted certificate, do the following.
- Next to the certificate name, click the Download
icon. - The certificate is downloaded to your system by your web browser.
Delete a Trusted Certificate​
To delete a trusted certificate, do the following.
- Next to the certificate name, click the Delete action button.
- The certificate is deleted.
To view more information about a trusted certificate, click the More Info 
icon.
OPC UA Security Page Details​
Trusted Certificates​
| Column Name | Description |
|---|---|
| Common Name | Name of the certificate. |
| SHA-1 Fingerprint | The SHA-1 (Secure Hash Algorithm 1) fingerprint is the unique identifier of the certificate. |
| Expiration | Date the certificate will expire. |
Additional Information​
| Column Name | Description |
|---|---|
| CN | Common Name |
| O | Organization, usually the legal incorporated name of a company. |
| OU | Organizational Unit |
| L | Locality (Town or City) |
| ST | State |
| C | Country, the two-letter ISO code for the country where the organization is located. |
Quarantined Certificates​
If you import a certificate that is not trusted, it will appear on the Quarantined Certificates list. From here you can view the details by clicking the More Info icon, Trust the certificate, or Delete it.
Certificates Tab​
​
The Certificates tab shows the trusted certificates for the OPC UA client and server on the gateway. From this tab the certificates can be examined by clicking the More Info icon. The certificates can be downloaded by clicking the Download button. This will perform the same action as downloading a certificate from the Client tab as described above.
Clicking the Regenerate button for each certificate will create a new certificate.
Regenerate Current Certificates​
All certificates have a definitive live span. For example, the default life span for an Ignition-generated OPC UA certificate is three years. Any OPC UA connection, even the default loopback connection to Ignition's own server, will stop working if the certificate expires or is invalid.
Regenerating the certificates creates a new certificate with an expiration date set for three years later. If your private key is somehow compromised, regenerating a Client or Server certificate also ensures that the private key will no longer work with the Ignition Gateway.
Newly regenerated certificates are automatically trusted by the Gateway issuing them.
Note that regenerating a server certificate will require that the OPC UA module is restarted.
​
