Move Untrusted Workflow Certificates on the OPC UA Server

You can manually move certificates from the OPC UA server’s untrusted or rejected certificates folder to its trusted certificate folder.

About this task

Moving the Workflow certificates into the trusted certificate folder allows a secure connection between the OPC UA server and the Workflow server. Some OPC UA servers provide a configuration UI to facilitate moving certificates, but for other servers, you will need to move the certificates manually.

OPC UA Server Certificate Paths

The following paths are examples of a typical OPC UA server. OPC UA server certificate paths may vary.

The OPC UA server %INSTALLDIR% default directory is: C:\Program Files (x86)\Proficy PROJECTNAME\

The OPC UA server rejected certs folder is: %INSTALLDIR%\projects\%PROJECTNAME%\pki\rejected

The OPC UA server trusted certs folder is: %INSTALLDIR%\projects\%PROJECTNAME%\pki\trusted\certs

Tip: To determine the filename of the certificate to move, look for the Workflow .der certificate in the C:\ProgramData\Proficy\OpcUaCertificate\own\certs folder on the Workflow server. The certificate file name will be prefixed with Workflow and look similar to this: Workflow [821C3D37F1B91FB6FF87EAA8FA9116B5F4526F51].der

Procedure

  1. On the OPC UA server, in the rejected folder, find the .der certificate file that has the same name without the Workflow prefix (for example, 821C3D37F1B91FB6FF87EAA8FA9116B5F4526F51.der).
  2. Move the selected certificate from the %INSTALLDIR%\projects\%PROJECTNAME%\pki\rejected folder to the %INSTALLDIR%\projects\%PROJECTNAME%\pki\trusted\certs folder.
    Note: The paths shown are examples. Your OPC UA untrusted and trusted folder paths may vary.
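
The procedure above as a PowerShell script that checks the certificate before trusting it. This is an added example, not part of the product documentation. It assumes the hexadecimal string in the file name is the certificate's SHA-1 thumbprint; the parameter names Thumbprint and PkiRoot are hypothetical, and the folder names follow the example paths on this page.

```powershell
# Added example. Run on the OPC UA server from an elevated PowerShell 5+ session.
param(
    # Hex string from the Workflow certificate file name on the Workflow server
    [Parameter(Mandatory)]
    [ValidatePattern('^[0-9A-Fa-f]{40}$')]
    [string]$Thumbprint,

    # Hypothetical parameter: the project's pki folder, that is
    # %INSTALLDIR%\projects\%PROJECTNAME%\pki with the variables resolved
    [Parameter(Mandatory)]
    [string]$PkiRoot
)

$rejected = Join-Path $PkiRoot 'rejected'
$trusted  = Join-Path $PkiRoot 'trusted\certs'
$source   = Join-Path $rejected "$Thumbprint.der"

if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "No file named $Thumbprint.der in $rejected"
}
if (-not (Test-Path -LiteralPath $trusted -PathType Container)) {
    throw "Trusted folder not found: $trusted"
}

# Parse the DER file and recompute its thumbprint; a file name alone proves nothing.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($source)
try {
    # Assumption: the file name is the SHA-1 thumbprint (-ne ignores case)
    if ($cert.Thumbprint -ne $Thumbprint) {
        throw "Content thumbprint $($cert.Thumbprint) does not match the file name"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # Show what is about to be trusted
    $cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter | Out-Host
}
finally {
    $cert.Dispose()
}

# -Confirm prompts before the file is moved into the trusted folder
Move-Item -LiteralPath $source -Destination $trusted -Confirm
```

Take the thumbprint from the certificate file on the Workflow server itself, not from the rejected folder, so that the comparison ties the file being trusted to the certificate the Workflow server actually presents.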

What to do next

Attempt a connection from the Workflow server to the OPC UA server.