PKI Admin
Application
With PKI Admin, you can manage the server and client certificates of OPC UA NC Server (#56-61 / #3-02-1*) on the control. To define access rights to the control, you can classify the certificates as trusted or not trusted, for example.
PKI Admin has no functionality without the OPC UA NC Server (#56-61 / #3-02-1*) software option.
Related topics
- Quickly and easily connecting the OPC UA client application to the control (#56-61 / #3-02-1*)
The OPC UA connection assistant function (#56-61 / #3-02-1*)
Description of function
To navigate to this function:
Settings > Network/Remote Access > PKI Admin
The Administration of the PKI Infrastructure window provides the following tabs:
Tab | Function |
---|---|
Own certificates | The control provides the following areas: |
Trusted | The server knows the certificate and trusts it after successful validation. For connection to the server, the client certificate must have been specified on this tab. For an OPC UA connection (#56-61 / #3-02-1*), you also need to assign an OPC UA license to the certificate. |
Issuers | On this tab, you can specify the issuer of the trusted certificates. The server uses the issuer's information to validate the certificate. |
Rejected | On this tab, the control specifies client certificates whose connection attempt to the OPC UA NC Server (#56-61 / #3-02-1*) failed. Connection failures can occur in the following situations: |
Revocation lists | On this tab, you can specify CRL files that list untrusted certificates. The server prohibits connections that use these certificates. In the Settings for revocation lists area, you can permit connections of applications with certificates in a multi-level certificate chain even if no associated CRL files exist. |
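
The following Python sketch is an added example, not code from the control or its documentation. It models how the Trusted, Issuers, Revocation lists and Rejected tabs interact when a client connects. The class names, field names and rejection reasons are assumptions, and certificates are represented by constructed subject names and serial numbers instead of real X.509 data.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    subject: str   # constructed sample name standing in for a real certificate
    issuer: str    # equals subject for a self-signed certificate
    serial: int

@dataclass
class PkiStore:  # assumed, simplified model of the tabs, not the control's code
    trusted: set = field(default_factory=set)     # subjects on the Trusted tab
    issuers: dict = field(default_factory=dict)   # CA subject -> Cert (Issuers tab)
    crls: dict = field(default_factory=dict)      # CA subject -> revoked serials
    allow_missing_crl: bool = False               # Settings for revocation lists
    rejected: list = field(default_factory=list)  # entries shown on the Rejected tab

    def _reason_to_reject(self, cert):
        if cert.subject not in self.trusted:
            return "client certificate is not on the Trusted tab"
        current, seen = cert, set()
        while current.issuer != current.subject:  # stop at a self-signed root
            ca = self.issuers.get(current.issuer)
            if ca is None or ca.subject in seen:
                return f"issuer {current.issuer!r} cannot be validated"
            seen.add(ca.subject)
            revoked = self.crls.get(ca.subject)
            if revoked is None and not self.allow_missing_crl:
                return f"no CRL available for issuer {ca.subject!r}"
            if revoked is not None and current.serial in revoked:
                return f"{current.subject!r} is listed in a CRL"
            current = ca
        return None

    def connect(self, cert):  # True if accepted; failures are recorded as rejected
        reason = self._reason_to_reject(cert)
        if reason is not None:
            self.rejected.append((cert.subject, reason))
        return reason is None

def demo():
    root = Cert("Constructed Root CA", "Constructed Root CA", 1)
    plant = Cert("Constructed Plant CA", "Constructed Root CA", 2)
    client = Cert("constructed-client", "Constructed Plant CA", 10)
    store = PkiStore(trusted={client.subject}, issuers={c.subject: c for c in (root, plant)})
    first = store.connect(client)     # False: no CRL files for the chain
    store.allow_missing_crl = True
    second = store.connect(client)    # True: missing CRL files are permitted
    store.crls[plant.subject] = {10}
    third = store.connect(client)     # False: serial 10 is on the issuer's CRL
    return first, second, third, len(store.rejected)
```
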
Definition
PKI
PKI (public key infrastructure) is the management structure for digital certificates that are required for secure communication. A digital certificate has the same purpose as an identity card or passport. With a digital certificate, its owner can encrypt, sign and authenticate the communication.