OPC UA Certificate Handling
An initial attempt to connect securely to an OPC UA server from the Workflow server will fail due to a missing certificate with the error: The OPC UA server does not have any secure endpoints or the Workflow certificate is not trusted.
A self-signed certificate can be created using the Configure OPC UA tool. Once a certificate is created, you can make a connection to the OPC UA server. The new certificate is sent to the server as part of its connection request. The OPC UA server returns its server certificate during the connection exchange.
The OPC UA server accepts the Workflow client certificate but does not initially trust it, placing it into the OPC UA server’s untrusted or rejected certs folder. On the Workflow server, from the Certificates Trust List tab, run the Configure OPC UA tool. Select the certificate, and click Trust to trust this certificate.
To complete a secure connection, a manual process to trust the Workflow certificate must be executed on the OPC UA server.
Workflow (OPC UA client) Certificate Paths
Workflow saves its own certificate in: C:\ProgramData\Proficy|OpcUaCertificate\own\certs
The Workflow certificate file will be named similar to this: Workflow [821C3D37F1B91FB6FF87EAA8FA9116B5F4526F51].der
The OPC UA server certificate on Workflow is saved in: C:\ProgramData\Proficy\OpcUaCertificate\trusted\certs
In order for Workflow to connect securely to an OPC UA server, the Workflow client certificate must be moved from the server's untrusted or rejected certs folder to the server's trusted folder. Instructions on how to do this are described in Move Untrusted Workflow Certificates on the OPC UA Server.