Trusted Connections

UA servers require a certificate to establish a trusted connection with each UA client. For the server to accept connections from a client that provides a self-signed certificate, the client's certificate must be imported into the trusted client certificate store used by the OPC UA server interface. To support this, the UA Configuration Manager can import, remove and view trusted client certificates.
To set up a "Trusted Client", follow these steps:
  • Copy the Opc.Ua.CertificateGenerator.exe file into the folder where the InfoPlatform service/application that will connect to the OPC UA server is running.
The Opc.Ua.CertificateGenerator utility is used to create a self-signed certificate. Opc.Ua.CertificateGenerator.exe must be present in the application folder so that the dataFEED OPC UA .NET SDK can locate and use it. If the file is needed for building a deployment package, it can be found under Program Files\Common Files\OPC Foundation\UA\v1.0\Bin on a machine where the dataFEED OPC UA .NET SDK is installed.
Example usage of the tool:
Opc.Ua.CertificateGenerator.exe -cmd issue -sp . -an InfoPlatform -au urn:RockwellAutomation:InfoPlatform -o Rockwell -dn DEVVM -pw MySecretPassword
  • Connect to InfoPlatform using a client, such as a browser connecting to the REST API.
  • When InfoPlatform starts up and connects to the OPC UA server, the certificate will be created in the pki folder described below.
  • Copy the certificate from the pki\own\certs folder to the server and import it into the "Trusted Clients" collection.
  • Reconnect using InfoPlatform.
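A check that can be run before the certificate is copied to the server, as an added example that is not part of the original documentation: it lists each certificate in pki\own\certs with its thumbprint, validity dates and whether its application URI matches the -au value, so the same values can be compared on the server before the import into "Trusted Clients". The pki location and the .der/.cer file extensions are assumptions.

```powershell
# Added example: inspect the client certificate before it is trusted on the server.
# Assumptions: $PkiRoot is the pki folder beside the InfoPlatform application, and
# the public certificate is stored as a .der or .cer file (adjust the filter if not).
param(
    [string]$PkiRoot     = '.\pki',
    [string]$ExpectedUri = 'urn:RockwellAutomation:InfoPlatform'   # -au value from the usage example
)

$certDir = Join-Path $PkiRoot 'own\certs'
$files = Get-ChildItem -Path $certDir -File | Where-Object { $_.Extension -in '.der', '.cer' }
if (-not $files) { throw "No certificate files found in $certDir" }

foreach ($file in $files) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName

    # The Subject Alternative Name extension (OID 2.5.29.17) carries the application URI.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }

    [pscustomobject]@{
        File       = $file.Name
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        Thumbprint = $cert.Thumbprint     # SHA-1 thumbprint, as shown by certificate viewers
        FileSha256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash  # hash of the file as copied
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        UriMatches = ($sanText -like "*$ExpectedUri*")
        SAN        = $sanText
    }
}
```

Comparing Thumbprint and FileSha256 on both machines confirms that the file imported on the server is the one InfoPlatform generated.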
| Store | Relative path | Description |
|---|---|---|
| Certificate Store | pki\own | Own certificate store. In case it cannot find the certificate specified by the configuration, it attempts to create a self-signed certificate. |
| Trusted Certificate Store | pki\trusted | The path to the trusted certificate store. |
| Trusted Issuer Certificate Store | pki\issuer | The path to the issuer's certificate store. |
| Rejected Certificate Store | pki\rejected | The path to the rejected certificate store. |
Trusted Clients