PKI Admin

Application

With PKI Admin, you can manage the server and client certificates on the control. For example, to define access rights to the control, you can classify certificates as trusted or not trusted.

Description of function

To navigate to this function:

Settings > Network/Remote Access > PKI Admin

The Administration of the PKI Infrastructure window contains the following tabs:

Tab

Function

Trusted

The server knows the certificate and trusts it after successful validation.

For connection to the server, the client certificate must have been specified on this tab.

For an OPC UA connection (#56-61 / #3-02-1*), you also need to assign an OPC UA license to the certificate.

See "The OPC UA license settings function (#56-61 / #3-02-1*)".

Issuers

On this tab, you can specify the issuer of the trusted certificates.

The server uses the issuer's information to validate the certificate.

Rejected

On this tab, the control lists client certificates whose connection attempt to the OPC UA NC Server (#56-61 / #3-02-1*) failed.

Connection failures can occur in the following situations:

  • The client certificate is unknown and has not been classified as trusted.
    If you want to connect the client application to the server, you can use the Move function to move the certificate to the Trusted tab.

  • A trusted client certificate has expired.

Revocation lists

On this tab, you can specify CRL files that list untrusted certificates.

The server prohibits connections that use these certificates.

Own certificates

The control provides the following functions:

  • Recreate certificate
    The control recreates the server's chain of trust. After the next restart of the control, it will use the new certificate.

  • Export certificate chain
    The control saves the server's chain of trust that you import into the client application.

  • Load certificate
    You can import a customized certificate.
    Please note the requirements for self-created certificates for OPC UA (#56-61 / #3-02-1*).
    See "Required certificates".

  • Check the configuration
    The control checks the validity of the server certificates.

Advanced settings

The tab contains the following areas:

  • Certificate settings
    The control adds static IP addresses to the server certificates. You can select the IP address of the eth0 or eth1 interface or specify the required IP addresses.

  • Settings for revocation lists
    You can permit connections of applications with certificates in a multi-level certificate chain even if no associated CRL files exist.
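
Added example, not part of the original manual and not the control's implementation: a simplified Python model of how the Trusted, Issuers, Revocation lists and Rejected tabs and the revocation-list setting could combine into an accept or reject decision. The order of checks, matching certificates by subject name, the omission of signature verification, and all names (Cert, TrustStore, allow_missing_crl, demo, the sample certificates) are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timezone

Cert = namedtuple("Cert", "subject issuer serial not_after")  # constructed stand-in

@dataclass
class TrustStore:      # one field per tab of the window described above
    trusted: set                                   # Trusted: certificate subjects
    issuers: dict                                  # Issuers: subject -> CA Cert
    crls: dict = field(default_factory=dict)       # Revocation lists: CA -> serials
    rejected: list = field(default_factory=list)   # Rejected: (subject, reason)
    allow_missing_crl: bool = False                # Settings for revocation lists

    def check(self, cert, now):
        reason = self._reason(cert, now)
        if reason != "ok":                         # failed attempts are recorded
            self.rejected.append((cert.subject, reason))
        return reason

    def _reason(self, cert, now):
        if cert.subject not in self.trusted:
            return "not classified as trusted"
        for _ in range(8):                         # depth bound guards against loops
            if cert.not_after < now:
                return f"expired: {cert.subject}"
            if cert.issuer == cert.subject:        # self-signed end of the chain
                return "ok"
            ca = self.issuers.get(cert.issuer)
            if ca is None:
                return f"issuer not available: {cert.issuer}"
            revoked = self.crls.get(ca.subject)
            if revoked is None and not self.allow_missing_crl:
                return f"no CRL for issuer: {ca.subject}"
            if revoked is not None and cert.serial in revoked:
                return f"revoked by {ca.subject}"
            cert = ca                              # continue one level up
        return "chain too long"

def demo():            # constructed two-level chain: Root CA -> Line CA -> client
    now, end = (datetime(y, 1, 1, tzinfo=timezone.utc) for y in (2025, 2030))
    root, sub = Cert("Root CA", "Root CA", 1, end), Cert("Line CA", "Root CA", 2, end)
    client = Cert("opcua-client", "Line CA", 77, end)
    store = TrustStore({"opcua-client"}, {"Root CA": root, "Line CA": sub}, {"Root CA": set()})
    strict = store.check(client, now)              # no CRL on file for Line CA
    store.allow_missing_crl = True
    relaxed = store.check(client, now)
    store.crls["Line CA"] = {77}                   # CRL now lists the client serial
    return strict, relaxed, store.check(client, now), store.rejected
```

In this model, enabling allow_missing_crl accepts the chain until a CRL for Line CA is loaded, so a revocation issued by that CA goes undetected in the meantime.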

Definition

PKI
PKI (public key infrastructure) is the management structure for digital certificates that are required for secure communication. A digital certificate has the same purpose as an identity card or passport. With a digital certificate, its owner can encrypt, sign and authenticate the communication.