For secure communication, ibaHD-API uses X.509 certificates. A certificate is required for communication via TLS. TLS certificates can be provided by the server and must be transferred to the client. A gRPC-API communication can only take place if each communication partner trusts the certificate. You can also register certificates and mark them as "not trusted". Communication with a partner who has a "not trusted" certificate is rejected.
To manage certificates, select the Manage certificates option in the Application certificate field. A dialog opens and shows the available certificates in tabular form. Here you can add, generate and remove certificates.
In the toolbar of the table you will find a series of buttons with the following functions:
| Button | Function |
|---|---|
|  | This button opens a dialog box, which you can use to load an existing certificate file. Various file formats are supported (.der, .cer, .crt, .cert, .pem, .pfx, .p12). If you have a certificate with an unknown file extension, expand the file filter to "*.*" and try to open the file anyway. This works in most cases. The existing certificate must contain a private key. |
|  | This button opens a dialog box, which you can use to create a new certificate. |
|  | You can use this button to export a certificate to a file in order to register it for Windows or another application, e.g. on an OPC UA client. Several file formats are also supported here. |
|  | This button is used to delete the selected certificate from the table. |
|  | This button is used to flag the selected certificate as "trusted". |
|  | This button is used to flag the selected certificate as "not trusted". However, the certificate remains in the certificate store table. |
|  | Use this button to specify whether a certificate can also be used for user authentication for OPC UA. Not relevant for ibaHD-API. |
