Move Untrusted Workflow Certificates on the OPC UA Server
You can manually move certificates from the OPC UA server’s untrusted or rejected certificates folder to its trusted certificate folder.
About this task
Moving the Workflow certificates into the trusted certificate folder allows a secure connection between the OPC UA server and the Workflow server. Some OPC UA servers provide a configuration UI to facilitate moving certificates, but for other servers, you will need to move the certificates manually.
OPC UA Server Certificate Paths
The following paths are examples of a typical OPC UA server. OPC UA server certificate paths may vary.
The OPC UA server %INSTALLDIR% default directory is: C:\Program Files (x86)\Proficy PROJECTNAME\
The OPC UA server rejected certs folder is: %INSTALLDIR%\projects\%PROJECTNAME%\pki\rejected
Procedure
- From the OPC UA server, in the reject folder, find the cert .der file with the same name without the Workflow prefix. (e.g., 821C3D37F1B91FB6FF87EAA8FA9116B5F4526F51.der)
- Move the selected certificate from the %INSTALLDIR%\projects\%PROJECTNAME%\pki\rejected folder to the %INSTALLDIR%\projects\%PROJECTNAME%\pki\certs\trusted folder.Note: The paths shown are examples. Your OPC UA untrusted and trusted folder paths may vary.
What to do next
Attempt a connection from the Workflow server to the OPC UA server.