PKI Admin

Application

With PKI Admin, you can manage the server and client certificates of OPC UA NC Server (#56-61 / #3-02-1*) on the control. To define access rights to the control, you can classify the certificates as trusted or not trusted, for example.

PKI Admin has no functionality without the OPC UA NC Server (#56-61 / #3-02-1*) software option.

Description of function

To navigate to this function:

Settings > Network/Remote Access > PKI Admin

The Administration of the PKI Infrastructure window provides the following tabs:

Tab

Function

Own certificates

The control provides the following areas:

  • Check the configuration
    The control checks the validity of the server certificates.

  • Use self-created certificate:
    • Optional certificate settings
      The control adds static IP addresses to the server certificates. You can select the IP address of the eth0 or eth1 interface or specify the required IP addresses.

    • Recreate certificate
      The control recreates the server's chain of trust. After the next restart of the control, it will use the new certificate.

    • Export certificate chain
      The control saves the server's chain of trust so that you can import it into the client application.

  • Use customer-specific certificate:
    • Load certificate
      You can import a customized certificate.
      Please note the requirements for self-created certificates for OPC UA (#56-61 / #3-02-1*).

    • Login options

  • Existing certificates of server
    The control displays the available certificates and revocation lists.
    You can export the selected certificate or the selected revocation list, show its details, or delete it.

Trusted

The server knows the certificate and trusts it after successful validation.

For connection to the server, the client certificate must have been specified on this tab.

For an OPC UA connection (#56-61 / #3-02-1*), you also need to assign an OPC UA license to the certificate.

The OPC UA license settings function (#56-61 / #3-02-1*)

Issuers

On this tab, you can specify the issuer of the trusted certificates.

The server uses the issuer's information to validate the certificate.

Rejected

On this tab, the control lists the client certificates whose connection attempt to the OPC UA NC Server (#56-61 / #3-02-1*) failed.

Connection failures can occur in the following situations:

  • The client certificate is unknown and has not been classified as trusted.
    If you want to connect the client application to the server, you can use the Move function to move the certificate to the Trusted tab.

  • A trusted client certificate has expired.

Revocation lists

On this tab, you can specify CRL files that list untrusted certificates.

The server prohibits connections that use these certificates.

In the Settings for revocation lists area, you can permit connections of applications with certificates in a multi-level certificate chain even if no associated CRL files exist.
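
The following Python sketch is an added example, not HEIDENHAIN code or part of the original documentation: a simplified model of how the Trusted, Issuers, Rejected and Revocation lists tabs interact when a client connects. The order of the checks, the reason strings, the default of the revocation-list setting and all sample names are assumptions, and the OPC UA license assignment is left out.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    thumbprint: str      # constructed identifier, not a real hash
    subject: str
    issuer: str          # equals subject for a self-signed certificate
    not_after: datetime

@dataclass
class PkiStore:
    trusted: set = field(default_factory=set)     # Trusted tab (thumbprints)
    issuers: set = field(default_factory=set)     # Issuers tab (CA names)
    crls: dict = field(default_factory=dict)      # Revocation lists: CA -> revoked thumbprints
    allow_missing_crl: bool = False               # "Settings for revocation lists" (default assumed)
    rejected: dict = field(default_factory=dict)  # Rejected tab: thumbprint -> reason

    def connect(self, cert: Cert, now: datetime) -> str:
        """Return "accepted" or a rejection reason; failures land on the Rejected tab."""
        reason = self._rejection_reason(cert, now)
        if reason is None:
            return "accepted"
        self.rejected[cert.thumbprint] = reason
        return reason

    def _rejection_reason(self, cert, now):
        if cert.thumbprint not in self.trusted:
            return "unknown, not classified as trusted"
        if now > cert.not_after:
            return "trusted certificate has expired"
        if cert.issuer == cert.subject:
            return None                            # single-level chain: no issuer or CRL lookup
        if cert.issuer not in self.issuers:
            return "issuer not on Issuers tab"
        revoked = self.crls.get(cert.issuer)
        if revoked is None:                        # multi-level chain without a CRL file
            return None if self.allow_missing_crl else "no CRL for issuer"
        return "listed in CRL" if cert.thumbprint in revoked else None

    def move_to_trusted(self, thumbprint: str) -> None:
        """Model of the Move function: Rejected tab -> Trusted tab."""
        self.rejected.pop(thumbprint, None)
        self.trusted.add(thumbprint)

# Constructed sample data
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
LATER = datetime(2030, 1, 1, tzinfo=timezone.utc)
SELF_SIGNED = Cert("aa11", "CN=hmi-client", "CN=hmi-client", LATER)
CA_ISSUED = Cert("bb22", "CN=mes-client", "CN=Plant CA", LATER)
```

In this model, a CA-issued client certificate is refused while no CRL exists for its issuer unless `allow_missing_crl` is set, which is the trade-off the revocation-list setting controls.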

Definition

PKI
PKI (public key infrastructure) is the management structure for digital certificates that are required for secure communication. A digital certificate has the same purpose as an identity card or passport. With a digital certificate, its owner can encrypt, sign and authenticate the communication.