Client Certificates for Configuration Hub

For a browser to have a secure connection to Configuration Hub, the Configuration Hub certificate must be copied to the remote machine and added to the trusted root folder. Client-side certificates validate the client’s identity to the Configuration Hub web server.

Configuration Hub Root Certificate

To install the Configuration Hub root certificate:

  1. Copy the ConfigHubRootCA.crt file on the server machine. By default, this file can be found in the C:\Program Files (x86)\GE\ConfigurationHub\ConfigHubPki folder.
  2. Paste the ConfigHubRootCA.crt file to the destination computer.
  3. Double-click ConfigHubRootCA.crt to install the certificate. The Install Certificate screen appears.
  4. Click the Install Certificate button. The Import Certificate screen appears.
  5. Select Local Machine, and then Next. A message appears requesting if you want to proceed.
  6. Click Yes. The Certificate Store Screen appears.
  7. Select Place All Certificates in the Following Store.
  8. Click Browse, and then select Trusted Root Certificate Authorities and then click OK.
  9. Click Next. The final screen appears.
  10. Click Finish. A message should appear indicating the import was successful.
  11. Click OK.
  12. Restart the browser.

iFIX Configuration Hub Client Root Certificate

To install the iFIX OPC UA Client root certificate:

  1. Copy the iFIX_OpcuaConfigRoot.crt file on the server machine. By default, this file can be found in the C:\Program Files (x86)\GE\iFIX\CFG\ iFIX_OpcuaConfigService folder.
  2. Paste the iFIX_OpcuaConfigRoot.crt file to the destination computer.
  3. Double-click iFIX_OpcuaConfigRoot.crt to install the certificate. The Install Certificate screen appears.
  4. Click the Install Certificate button. The Import Certificate screen appears.
  5. Select Local Machine, and then Next. A message appears requesting if you want to proceed.
  6. Click Yes. The Certificate Store Screen appears.
  7. Select Place All Certificates in the Following Store.
  8. Click Browse, and then select Trusted Root Certificate Authorities and then click OK.
  9. Click Next. The final screen appears.
  10. Click Finish. A message should appear indicating the import was successful.
  11. Click OK.
  12. Restart the browser.

Enable a Trust with Historian with a Self-Signed Certificate in Chrome

During Historian installation, a self-signed certificate is generated for use with Historian web applications. A self-signed certificate is a certificate that is signed by itself rather than signed by a trusted authority. Therefore, a warning appears in the browser when connecting to a server that uses a self-signed certificate until it is permanently stored in your certificate store. These steps describe how to ensure that Google Chrome trusts the self-signed certificate.

To enable a trust with Historian using a Self-Signed Certificate in Chrome:

  1. Using Google Chrome, access the site to which you want to connect. A message appears to inform you that the certificate is not trusted by the computer or browser.
  2. Select Not Secure in the URL, and then select Certificate. The Certificate window appears.

  3. Select the Certification Path tab, and then select the root certificate.

  4. Select View Certificate The Certificate window appears, displaying the General, Details, and Certification Path sections. Select Details, and then select Copy to Files.

  5. Follow the on-screen instructions to save the certificate to a local file. Use the default format: DER encoded binary X.509 (.CER).

  6. Right-click the .CER file that you have exported, and select Install Certificate. The Certificate Import Wizard window appears.
  7. Select Local Machine and click Next.
  8. Select Trusted Root Certificate Authorities, and then select OK.
    Note: Do not let the wizard select the store for you.

    A Security Warning window may appear. If it does, ignore the message by selecting Yes. The certificate is installed.
  9. Restart the browser, and connect to the server.
  10. Open the URL authenticated by the certificate. If error messages do not appear, the certificate is successfully imported.

Import an Issuer Certificate in Chrome for Historian

If you want to use an external UAA, you must import an issuer certificate.

  1. Copy the issuer certificate from the machine on which UAA is installed.
  2. Access the Certificate Management tool. The GE Operations Hub Certificate Management Tool page appears, displaying the Server Certificate section.
  3. In the External Trust subsection, next to the Certificate File box, select Select.
  4. Navigate to and select the certificate file, and then select Open.
  5. Select Import. A message appears, asking you to confirm that you want to import a certificate.
  6. Select Yes. You are now ready to use Configuration Hub.

    For more information on Historian, security, and certificates, refer to the Historian online documentation.