OPC UA communication
9.2 Security at OPC UA
Communication
150 Function Manual, 12/2017, A5E03735815-AF
Creating self-signed certificates
The following section is only relevant if you are using an OPC UA client that does not create
a client certificate.
You can create self-signed certificates with STEP 7.
To do this, follow these steps:
1. In the properties of the CPU, double-click "<Add new>" under "Protection & Security >
Certificate manager > Device certificates".
2. Click on "Add".
3. In the "Create a new certificate" dialog, select the "OPC UA client" option for "Usage".
4. Click "OK".
The following section describes how to generate self-signed certificates with tools other than
STEP 7.
In the field "Subject Alternative Name" STEP 7 automatically enters the URI for the
generated certificate. In the program-specific certificate generation by means of the .Net-
Stack of the OPC Foundation, the field is called, for example, "ApplicationUri" - it can have a
different name in other tools for certificate generation.
Using the certificate generator of the OPC Foundation
You can, for example, generate a self-signed client certificate with the
OPC.UA.CertificateGenerator .
To do this, follow these steps:
1. Download the tool from the OPC Foundation website. The program is available on the
website of the OPC Foundation (
https://opcfoundation.org/developer-tools/developer-kits-
unified-architecture), for example, under "Resources > Samples / Code > Unified
Architecture" in "Sample Applications".
2. Install the example applications from the OPC Foundation on your PC.
3. Use Windows Explorer to open the installation directory: It is located under "C:\Program
Files (x86)\OPC Foundation\UA 1.02\Sample Applications".
4. Keep the SHIFT key pressed and right-click in the directory so that the shortcut menu is
displayed.
5. Select "Open command prompt here".
6. Enter the following command after the prompt character in the command prompt:
"Opc.Ua.CertificateGenerator -cmd issue -sp . -an MyClient"
7. Click the Enter key.
To Next Page
Loading...
