Register Workflow Certificates with Global Discovery Server (GDS)

You can use the OPC UA Configuration tool to connect to the Global Discovery Server (GDS), sign a self-signed Workflow security certificate, and automatically register the application with GDS.

About this task

Registering the Workflow security certificate with GDS makes the certificate trusted by other applications which are registered in GDS and allows you to add a CA certificate in Workflow.

Other Actions

You can perform the following other actions on the selected certificate from the Certificates Management tab:
  • Click Update Trust List to replace the trust certificates with the ones provided by the GDS.
You can perform the following other actions on the selected certificate from the Certificates Trust List tab:
  • Click View to view information about the certificate in the Certificate Details dialog box.
  • Click Add to select a certificate to trust from a folder.
  • Click Make Issuer to make a CA certificate untrusted, but still trust the certificate signed by this CA certificate.
  • Click Reject to make the selected certificate untrusted. The certificate is moved to the C:\ProgramData\Proficy\OpcUaCertificate\pki\certs\rejected folder.
  • When a certificate is rejected, you can click Trust, then click Yes in the Trust Certificate dialog box to make the selected certificate trusted again.
  • Click Delete to remove the selected certificate from the C:\ProgramData\Proficy\OpcUaCertificate\pki\certs\trusted folder.

Procedure

  1. From the OPC UA server, click Start > All Programs > General Electric > Workflow > Configuration > Configure OPC UA.
    The Configure OPC UA tool appears.
  2. Click Configure GDS.
    The Select Certificate Management Service (GDS) dialog box appears.
  3. Enter the following information:
    1. Enter an endpoint URL for the GDS server into the Endpoint URL field.
      Note: You can click Search for Endpoints and select from a list of endpoint URLs.
    2. Enter a user name for the GDS server in the User Name field.
    3. Enter a password for the selected user account in the Password field.
    4. Click OK.
      A connection is made to the GDS server.
  4. Click Generate Self-Signed.
    The following actions occur:
    • Configuration saved.
    • Created <Workflow certificate name>.
    • Skipping: Certs do not register with LDS.

      The Workflow security certificate is stored in the C:\ProgramData\Proficy\OpcUaCertificate\own\certs folder but is untrusted.

  5. Click Request from GDS.
    The following actions occur:
    • Configuration saved.
    • Selected GDS at <certificate directory used>. Configure GDS appears if GDS is not configured yet or the GDS connection has failed.
    • Registered <application certificate>.
    • Sent certificate request.
    • Checking if certificate request has completed.
    • Replaced trusts list with the one provide by the certificate directory.
    • Skipping: Certs do not register with LDS.

    The Workflow security certificate is moved to the C:\ProgramData\Proficy\OpcUaCertificate\pki\certs\trusted folder and is now trusted.
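
To check the result of the procedure from a PowerShell prompt, the following added example (not part of the product documentation) lists the certificates in the three folders named on this page and warns about expired trusted certificates and certificates that sit in both the trusted and rejected folders. It assumes the certificate files use the .der, .cer or .crt extension; the function name Get-StoreCertificate is hypothetical.

```powershell
# Added example (not vendor code): audit the certificate folders named on this page.
$root = 'C:\ProgramData\Proficy\OpcUaCertificate'
$stores = [ordered]@{
    Own      = Join-Path $root 'own\certs'
    Trusted  = Join-Path $root 'pki\certs\trusted'
    Rejected = Join-Path $root 'pki\certs\rejected'
}

# Hypothetical helper: load every certificate file in one folder.
function Get-StoreCertificate {
    param([string]$Store, [string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Folder not found: $Path"
        return
    }
    # Assumption: certificates are stored as .der, .cer or .crt files.
    Get-ChildItem -LiteralPath $Path -File |
        Where-Object { $_.Extension -in '.der', '.cer', '.crt' } |
        ForEach-Object {
            try {
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $_.FullName
            } catch {
                Write-Warning "Unreadable certificate file: $($_.FullName)"
                return
            }
            [pscustomobject]@{
                Store      = $Store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                # True for self-signed application certificates and for root CA certificates.
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
}

$certs = @(foreach ($s in $stores.GetEnumerator()) { Get-StoreCertificate -Store $s.Key -Path $s.Value })
$certs | Sort-Object Store, Subject | Format-Table -AutoSize

# Trusted certificates that have expired.
$certs | Where-Object { $_.Store -eq 'Trusted' -and $_.NotAfter -lt (Get-Date) } |
    ForEach-Object { Write-Warning "Expired but trusted: $($_.Subject) [$($_.Thumbprint)]" }

# The same certificate present in both the trusted and rejected folders.
$certs | Where-Object { $_.Store -in 'Trusted', 'Rejected' } | Group-Object Thumbprint |
    Where-Object { @($_.Group.Store | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object { Write-Warning "In both trusted and rejected: $($_.Name)" }
```

Run it after step 5; the Workflow security certificate should then be listed under Trusted.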

What to do next

You can now add OPC UA through the Workflow client. See Add an OPC UA Server.