OPC UA Server Functionality - Certificate renewal

[Please note that this article applies to MAPS / Adroit as an OPC UA Server, and does not pertain to the OPC UA Client driver]

With the introduction of OPC UA Server functionality in MAPS 4 and Adroit 10, the Agent Server now also offers OPC UA Server Functionality.

During installation of MAPS / Adroit, one of the automatic steps that is performed in the background is the creation of an OPC UA Certificate, which is generated for a validity period of one year.

To renew this certificate at a later stage, browse to the folder: \PROGRAMDATA\Adroit Technologies\Adroit\Certs

The create_certificate.bat and create_instance_certificate.bat files can be executed to generate new certificates to be used by the UA Server. However, it is important to delete the old certificate first: the batch files will not create a new certificate if one already exists.

For example, a certificate will not be recreated if there is an existing file. The existing file needs to be moved or deleted before running the above-mentioned batch files for certificate generation.

An example of certificate renewal and configuring the OPC UA Client Driver to connect to the OPC UA Server:

  1. Navigate to C:\ProgramData\Adroit Technologies\Adroit\certs
  2. Run create_certificate.bat
  3. Ensure that a newly created file (or a file with the current date / timestamp) exists here: C:\ProgramData\Adroit Technologies\Adroit\certs\own\ (Note: as per the original post, a new .DER file should exist here)
  4. Open Adroit Config and configure an OPC UA Driver instance (if the connection has already been set up, only click on the “Test” button again).
  5. The test will return that the new certificate is not trusted.
  6. Run the OPC UA Server Manager located here: C:\Program Files (x86)\Adroit Technologies\SmartDataServices\UI\OPCUA\OPCUAServerManager.exe and move the newly generated certificate to the “Trusted” section (note that this certificate will only be in the list AFTER the “Test” button was used in step 4).

  7. Once the certificate is trusted, the “Test” button will now work and we are able to browse the OPC UA Server tags.
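
Because the generated certificate is only valid for one year, it helps to check the expiry date before it lapses and to confirm after step 3 that the file in the `own` folder really is the new one. The following read-only PowerShell script is an added example, not part of the MAPS / Adroit tooling; the 30-day warning threshold and the function name `Get-UaCertStatus` are assumptions, and the folder is the one named in step 3.

```powershell
# Added example (not Adroit's own script): read-only report on the .der
# certificate files in the "own" folder from step 3. Nothing is modified.
param(
    [string]$CertDir  = 'C:\ProgramData\Adroit Technologies\Adroit\certs\own',
    [int]   $WarnDays = 30   # assumed warning threshold; adjust as needed
)

function Get-UaCertStatus {
    param([string]$Path, [int]$WarnDays)
    $now = Get-Date
    Get-ChildItem -Path $Path -Filter '*.der' -File | ForEach-Object {
        # Parse the DER-encoded X.509 certificate (public part only).
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        $state = 'OK'
        if ($daysLeft -lt 0) { $state = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays) { $state = 'RENEW SOON' }
        [pscustomobject]@{
            File       = $_.Name
            Written    = $_.LastWriteTime   # should be today after renewal
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Thumbprint = $cert.Thumbprint   # identifies this exact certificate
            State      = $state
        }
    }
}

if (-not (Test-Path -LiteralPath $CertDir)) {
    Write-Error "Certificate folder not found: $CertDir"
    exit 1
}
$status = @(Get-UaCertStatus -Path $CertDir -WarnDays $WarnDays)
if ($status.Count -eq 0) {
    Write-Warning "No .der files in $CertDir; run the batch file to generate one."
    exit 2
}
$status | Sort-Object NotAfter | Format-List
```

Run it once before renewal to record the old thumbprint and expiry, and again after step 3: a successful renewal shows a different thumbprint, a `NotBefore` of today and a `NotAfter` roughly one year out.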