Server Certificates for Configuration Hub

Server certificates for Configuration Hub are managed through the Configuration Hub interface.

Introduction

There are two types of Configuration Hub server certificates:

  • Self-signed certificates (which are valid for a two-year period)
  • External certificates (whose validity depends on the permission granted by the organization's software provider to the user)

Certificate expiration warnings for Configuration Hub are configured to alert users 15 days before and after expiration.

Check the Status of the Configuration Hub Server Certificate

Use the following steps to check the status of your Configuration Hub server-side certificate:
  1. Log into Configuration Hub with Proficy Authentication credentials.

  2. In Configuration Hub, from the NAVIGATION panel, open Administration > Node Manager.

  3. In the Node-Manager-Administration screen, select the Configuration Hub row.

  4. On the DETAILS panel, under Certificate Details, view the dates that the certificate is valid. For example, see the following figure which shows the valid date range from 2024-02-22 to 2026-02-21.

    Note: If the certificate is nearing expiration within the next 15 days, a warning indication will be displayed in the Certificate Expiry column. However, if the certificate expires after the 15-day period, a warning indication is displayed.

  5. When a certificate expires, it must be updated. Use the following sections to update your server certificates.

Self-Signed Certificates for Configuration Hub

If the Configuration Hub self-signed server certificate has expired, use the following steps to update your self-signed certificates for Configuration Hub:
  1. Log into the Configuration Hub with Proficy Authentication credentials.
  2. From Configuration Hub, in the NAVIGATION panel, select Administration, and then select Node Manager.

    The Node Manager-Administration panel appears.

  3. Select the Configuration Hub row.

    The DETAILS panel appears.

  4. In the CERTIFICATE DETAILS section, click the Generate Certificate button.

    The Apply New Certificate dialog box appears with Self-Signed selected as the default Certificate Type.

  5. Leave the Self-Signed certificate type option selected.

    The Subject Alternate Names table displays available DNS name types and DNS/IP Address details. Optionally, modify these details as needed by selecting the Type from the drop-down list and update the DNS/IP Address column.

  6. Click the Generate Certificate button.

    The Self signed certificate for Configuration Hub generated successfully message appears. Configuration Hub will then sign the certificate and it will generate a new one. The new certificate will populate details such as Subject Name, Issuer Name, Valid From, and Valid To values in the grid, as shown in the following figure.

  7. Click Apply.
    The Certificates applied successfully message appears.
    • The server certificate (server.crt and server.key) is automatically generated and saved in the location: <ConfigurationHub home>\ConfigurationHub\Web\conf and
    • The root certificate (CONFIGHUB@SelfSignedRootCA) is automatically stored in the Windows trusted store.
      Note: The CONFIGHUB@SelfSignedRootCA certificate in the Windows store will display the details such as Certificate expiration date, Issued to, Issued by, Subject alternate names, and others.
  8. Restart the browser.

External Certificates for Configuration Hub

Use the following steps to configure an externally issued server certificate for Configuration Hub.

  1. Log into the Configuration Hub with Proficy Authentication credentials.
  2. From Configuration Hub, in the NAVIGATION panel, select Administration, and then select Node Manager.

    The Node Manager-Administration panel appears.

  3. Select the Configuration Hub row.

    The DETAILS panel appears.

  4. In the CERTIFICATE DETIALS section, select Generate Certificate button.

    The Apply New Certificate window appears.

  5. Select External as a Certificate Type, as shown in the following figure.
    Note: For an External Certificate, the supporting certificates are in .pfx format or, .crt and .key for the pair.
  6. For the CERTIFICATE FILE, select the button to upload the .crt file or .pfx file.
    Note: Only the .key or .pfx file format is supported here.
  7. After uploading the certificate file and certificate key file, select View. The details such as Subject Name, Issuer Name, Valid From, and Valid To values will be displayed in the grid.
  8. Select Apply.

    The Certificates applied successfully message appears.