×

Have You Seen Workflow Lately? Click here to check out all the new features in the latest version.

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2024 releases, by signing up for one of our upcoming events.

Home
Configure Your Environment
Certificate Handling
OPC UA Certificate Handling
An initial attempt to connect securely to an OPC UA server from the Workflow server will fail due to a missing certificate with the error: The OPC UA server does not have any secure endpoints or the Workflow certificate is not trusted.

Workflow Products Documentation

Configure Your Environment
- User Password Configuration
- Computer Management
- User Interface Controls in the Task List
- Custom Solutions and Displays
- SSL Encryption for SQL Server
- Certificate Handling
  - OPC UA Certificate Handling
    An initial attempt to connect securely to an OPC UA server from the Workflow server will fail due to a missing certificate with the error: The OPC UA server does not have any secure endpoints or the Workflow certificate is not trusted.
    - Generate OPC UA Self-Signed Certificates Manually
      You can use the OPC UA Configuration tool to manually generate a self-signed Workflow security certificate.
    - Move Untrusted Workflow Certificates on the OPC UA Server
      You can manually move certificates from the OPC UA server’s untrusted or rejected certificates folder to its trusted certificate folder.
    - Register Workflow Certificates with Global Discovery Server (GDS)
      You can use the OPC UA Configuration tool to connect to the Global Discover Service (GDS) server, sign a self-signed Workflow security certificate, and automatically register the application with GDS.
  - Generate Certificates for Workflow 2.6
    Workflow 2.5 and earlier does not support the creation of self-signed certificates with the Subject Alternative Name (SAN) property.
  - Modify Server Certificate Folder Location
    You can modify the location of the Workflow server certificates folder.
  - Resolve Port conflicts between prior Proficy Workflow installations and Web HMI
    For existing Workflow installations prior to 2.6, Workflow and Web HMI ports are both set to 8444, making applications installed on the same machine incompatible.

OPC UA Certificate Handling

An initial attempt to connect securely to an OPC UA server from the Workflow server will fail due to a missing certificate with the error: The OPC UA server does not have any secure endpoints or the Workflow certificate is not trusted.

A self-signed certificate can be created using the Configure OPC UA tool. Once a certificate is created, you can make a connection to the OPC UA server. The new certificate is sent to the server as part of its connection request. The OPC UA server returns its server certificate during the connection exchange.

The OPC UA server accepts the Workflow client certificate but does not initially trust it, placing it into the OPC UA server’s untrusted or rejected certs folder. On the Workflow server, from the Certificates Trust List tab, run the Configure OPC UA tool. Select the certificate, and click Trust to trust this certificate.

To complete a secure connection, a manual process to trust the Workflow certificate must be executed on the OPC UA server.

Workflow (OPC UA client) Certificate Paths

Workflow saves its own certificate in: C:\ProgramData\Proficy|OpcUaCertificate\own\certs

The Workflow certificate file will be named similar to this: Workflow [821C3D37F1B91FB6FF87EAA8FA9116B5F4526F51].der

The OPC UA server certificate on Workflow is saved in: C:\ProgramData\Proficy\OpcUaCertificate\trusted\certs

In order for Workflow to connect securely to an OPC UA server, the Workflow client certificate must be moved from the server's untrusted or rejected certs folder to the server's trusted folder. Instructions on how to do this are described in Move Untrusted Workflow Certificates on the OPC UA Server.