The Certificates tab is used to manage the certificates for the ibaHD API interface and for the OPC UA server.
Certificates are used to ensure secure, encrypted TLS/SSL communication between a client and a server, as they allow secure authentication.
Before a client can connect to a server, an application certificate must first be configured. Certificates can be provided on both the server and the client side. Communication is only possible if each partner trusts the other partner’s certificate.
You can also register certificates and then flag them as “not trustworthy”. Communication with a partner that presents such a certificate is always rejected.
All available certificates are listed in the table. The Name, Properties, Expiration date, and Used by columns are displayed by default. If required, additional columns can be selected or deselected in the context menu of the table.
Different certificates can have the same name, i.e. they are not unique. Only a certificate’s fingerprint is unique.
After the expiration date, a certificate can no longer be used. You need to renew the certificate, or replace it with another certificate that is still valid. A date highlighted in red indicates an expired certificate.
Note: Certificates added as new certificates, e.g. from OPC UA read clients, must be manually flagged as trustworthy before the application can be run using the OPC UA server read interface.
The certificate store toolbar contains a series of buttons with the following functions:

| Button | Function |
|---|---|
| | This button opens a dialog box, which you can use to load an existing certificate file. The existing certificate must contain a private key. |
| | This button opens a dialog box, which you can use to create a new certificate. |
| | This button can be used to export a certificate to a file so that it can then be registered for Windows or another application, e.g. on an API client or OPC UA client. |
| | This button is used to delete the selected certificate from the table. |
| | This button is used to flag the selected certificate as “trustworthy”. |
| | This button is used to flag the selected certificate as “not trustworthy”. However, the certificate remains in the certificate store table. |
| | This button is used to enable or disable the use of a certificate for user authentication. |

The symbols in the Properties column have the following meanings:

| Symbol | Meaning |
|---|---|
| | The certificate is trusted as long as it has not expired. |
| | This certificate is not trusted. |
| | A private key is available for this certificate. |
| | This certificate can also be used for user authentication. |
| | This certificate is invalid. If the certificate is invalid because it has expired, the expiration date is also highlighted in red. |
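
The following PowerShell example is added here and is not part of the ibaHD documentation or product. It shows why the fingerprint, not the name, identifies a certificate, and how to compare an exported copy against the original before flagging it as trustworthy on the partner side. Assumptions: all certificates are constructed in memory, the subject name and function names are hypothetical, the export is taken to be the public certificate only, and the hash algorithm ibaHD displays as the fingerprint is not stated on this page, so both SHA-1 and SHA-256 are computed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Constructed sample data: a self-signed certificate valid from
# (now + FromDays) to (now + ToDays). Not a certificate from any real system.
function New-SampleCert([string]$Subject, [int]$FromDays, [int]$ToDays) {
    $rsa  = [RSA]::Create(2048)
    $hash = [HashAlgorithmName]::SHA256
    $pad  = [RSASignaturePadding]::Pkcs1
    $req  = [CertificateRequest]::new($Subject, $rsa, $hash, $pad)
    $now  = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddDays($FromDays), $now.AddDays($ToDays))
}

# The properties an operator compares before trusting a certificate.
function Get-CertSummary([X509Certificate2]$Cert) {
    $sha = [SHA256]::Create()
    try {
        # A fingerprint is a hash over the DER-encoded certificate bytes.
        $fp = [BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', ''
    } finally { $sha.Dispose() }
    [pscustomobject]@{
        Name          = $Cert.Subject
        Sha1          = $Cert.Thumbprint      # the thumbprint Windows displays
        Sha256        = $fp
        NotAfter      = $Cert.NotAfter
        Expired       = $Cert.NotAfter -lt (Get-Date)
        HasPrivateKey = $Cert.HasPrivateKey
    }
}

# Two different certificates that share one name; the second has expired.
$current = New-SampleCert -Subject 'CN=opcua-client' -FromDays -1   -ToDays 365
$old     = New-SampleCert -Subject 'CN=opcua-client' -FromDays -400 -ToDays -35

# Assumption: the file handed to the partner holds the public certificate only.
$exported = [X509Certificate2]::new([byte[]]$current.Export([X509ContentType]::Cert))

$rows = $current, $old, $exported | ForEach-Object { Get-CertSummary $_ }
$rows | Format-List Name, Sha1, Sha256, NotAfter, Expired, HasPrivateKey

# The exported copy keeps the fingerprint of the original but carries no private key.
"Exported copy matches original:   $($rows[0].Sha256 -eq $rows[2].Sha256)"
# The name alone cannot tell the current certificate from the expired one.
"Same name, different fingerprint: $($rows[0].Name -eq $rows[1].Name -and $rows[0].Sha256 -ne $rows[1].Sha256)"
```

To check a real exported file, pass its path to `[X509Certificate2]::new(...)` instead of the constructed certificates and compare the result with the fingerprint obtained from the certificate owner through a separate channel.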
