Security certificates are used to verify the authenticity of an OPC UA client (on the server side), to verify the authenticity of an OPC UA server (on the client side), and to encrypt the communication between them. To establish a secure connection between the OPC UA client and the OPC UA server, each must add the security certificate given to it by the other to its repository as "trusted". Monokot Server has a special repository for working with client security certificates. It allows you to import, reject or confirm client security certificates.
When an OPC UA client tries to establish a secure connection to the OPC UA server, the client security certificate is automatically placed in the repository as "rejected" if it was not previously added as "trusted".
The default UA TCP endpoint security certificate is a self-signed certificate that was created when the server was first started.
How to: Adding a security certificate to the security certificates repository as "trusted" using Monokot Server Administrator
To add an OPC UA security certificate to the repository as "trusted", double-click on OPC UA in the Server Explorer pane and go to the Client Certificates tab.
If you have the client security certificate of OPC UA client on your computer:
Click on the Import button and select one or more certificates. The certificates will appear on the client as “trusted”. Click on the Sync button to transfer the added security certificates to the server. Now the OPC UA client can connect to the OPC UA server via a secure connection.
If you do not have the OPC UA client security certificate on your computer:
Connect the OPC UA client to the OPC UA server via a secure connection. The connection will not be established and the client will return the BadCertificateUntrusted error. The OPC UA client security certificate will automatically be added to the server repository as "rejected". Click on the Sync button; the "rejected" certificate will appear in the table of certificates.
Select the certificate, click on the "Trust" button and then click on the Sync button to trust the security certificate on the server. Now the OPC UA client can connect to the OPC UA server via a secure connection.
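Before trusting a certificate that arrived as "rejected", it is worth confirming that it is the one the client's owner actually issued. The following is an added example, not part of Monokot Server or its documentation: it compares the thumbprint of a certificate file received from the client's owner through a separate channel with the thumbprint read from the rejected entry. That the certificate table or its details show a thumbprint is an assumption, as are all function names.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes from a .der/.cer file or a PEM-armoured one."""
    m = PEM_RE.search(data)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def thumbprint(data: bytes, algo: str = "sha1") -> str:
    """Hex digest of the DER encoding; OPC UA thumbprints use SHA-1."""
    return hashlib.new(algo, to_der(data)).hexdigest().upper()


def normalize(shown: str) -> str:
    """Strip the separators GUIs tend to add (colons, spaces, dashes)."""
    return re.sub(r"[^0-9A-Fa-f]", "", shown).upper()


def safe_to_trust(cert_file_bytes: bytes, shown_thumbprint: str) -> bool:
    """True only if the rejected entry matches the file received from the
    client's owner through a separate channel."""
    want = normalize(shown_thumbprint)
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        return False  # truncated value or not a thumbprint at all
    return hmac.compare_digest(thumbprint(cert_file_bytes, algo), want)


# Constructed stand-in bytes, not a real certificate: the digest depends
# only on the file content, so any bytes exercise the comparison.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    shown = ":".join(re.findall("..", thumbprint(SAMPLE_DER)))
    print("thumbprint as a GUI might show it:", shown)
    print("PEM copy matches:", safe_to_trust(SAMPLE_PEM, shown))
    print("other cert matches:", safe_to_trust(b"other" + SAMPLE_DER, shown))
```

If the values differ, leave the certificate as "rejected" and find out which client attempted the connection.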