Configure a GDS-signed Certificate
Procedure
- In the Project Properties dialog box, enable the OPC UA Server component.
- Ensure at least one CIMPLICITY user has the OPC UA server admin permissions in its role.
- Start the CIMPLICITY project.
- Launch GDS Agent, and create a new application by selecting the CIMPLICITY server.
- Register the application.
- Check the ‘Use Push Interface’ button.
- Switch to the Certificate Management tab.
- Click the Sign Certificate button.
- Enter the username/password of a CIMPLICITY user with OPC UA server admin permissions.
- If the GDS agent isn’t trusted by the OPC UA server, there will be a message saying the push operation failed due to the OPC UA server does not trust the GDS agent. To solve this, the GDS agent certificate needs to be moved from <CIMPLICITY project folder>/pki/rejected to <CIMPLICITY project folder>/pki/trusted/certs to make the OPC UA server to trust the GDS agent.
- Click the Push certificate button to push signed publish key to OPC UA server.
- Switch to the Trust List tab.
- Click the Replace with GDS button.
- Click the Push Trust List button.
- Registers CIMPLICITY with the GDS.
- Creates a self-signed certificate for CIMPLICITY.
- Requests that the GDS sign the certificate.
-
Replaces or updates the existing trust list.
Success
CIMPLICITY can now talk to any other OPC UA applications that have signed certificates and are trusted by GDS.
Issues
There could be many reasons for not succeeding.
1 Click either of the following to view a Log file for data about the operation. - Toggle Log button.
- Log hyper link after each action.
2 If you login with Super User credentials vs. Administrator credentials, then the certificate request will require an Administrator to approve the request on the GDS server. In this case, all the steps are not completed until the request is approved. Click Check Status to see if the request has been accepted or rejected. Note: Clicking the Advanced button will open the GDS Agent Panel, where you can find detailed help about the Global Discovery Server and Global Discovery Agent.Clear GDS Credentials
For security purposes, you can clear out GDS credentials so they will not be saved on the CIMPLICITY disk.
Note: Select GDS>Clear GDS Credentials on the CIMPLICITY OPC UA Certification Configuration dialog box menu bar.
Results
The GDS credentials will be cleared from the CIMPLICITY machine; you will need to provide credentials the next time the CIMPLICITY connects to the Global Discovery Server.