If I download the OPC UA self-signed certificate from the Identity Store of my controller, and upload it to my 3rd-party HMI project, is that certificate always the same? Does it change with FW changes? What about a controller reset to factory defaults?
Hello sparky66,
Q: If I download the OPC UA self-signed certificate from the Identity Store of my controller, and upload it to my 3rd-party HMI project, is that certificate always the same?
A: If the OPC UA self-signed certificate will be deleted via WBM or if the OPC UA Server Configuration will be changed in PLCnEng or if the controller will be resetted (Type 1 or Type2 ), the new PC UA self-signed certificate will be generated.
Please find additional information about Cetrificate in PLCnext Engineer Help:
image.png
* ‘Self-signed by controller’: the server generates and uses the self-signed certificate, generated by the server and signed with its own private key. Using the self-signed certificate causes greater efforts when establishing a network with many application instances because the certificate must be distributed manually to the involved instances.
* After selecting ‘Self-signed by controller’, the ‘Subject’ options become visible with which you specify subject(s) of the certificate. Modifying these subject settings result in a newly generated self-signed certificate after the next project download. Refer to the table row “Type of subject” below for details.
I would like to recommend to use the self-signed certificate only for first-time operation. If you would like to use the permanent certificate, you can create and copy it on the target and adapt the OPC UA Server Configuration in PLCnEng:
BR Eduard