Certificate Overview

Use

With the certificate overview, you can gain an overview of all certificates that are stored in the PCo configuration. The certificate overview evaluates the security configuration of all relevant configuration elements and checks the certificates that are found.

To call the certificate overview, choose Start of the navigation pathView Next navigation step Certificate OverviewEnd of the navigation path from the menu.

Prerequisites

In the Management Console, you have used at least one configuration element for which certificates are required. The certificate overview supports the following certificate usages:

  • Host for the cloud services: Server certificate and certificate for internal Web socket communication

  • MII query server: Server certificate

  • MQTT client: Application certificate

  • OPC UA client: Application certificate

  • Web server: Server certificate for each endpoint

  • Universal Web service destination system: Certificate for authentication

  • WebSocket: Server certificate and the root certificate for the WebSocket as client

  • Management services: Certificate for transport security (Transport Layer Security TLS)

  • Main service: Certificate for transport security of configuration services (Transport Layer Security TLS)

Functions

As of release 15.4, the certificate overview informs you when a certificate is going to expire. An error symbol is displayed beside the certificates whose validity is due to expire within a specified time interval.

You can define this time interval below the certificate overview. The default time interval is 30 days. This allows you to identify at an early stage which certificates need to be renewed.

On the Configured Certificates tab, you can see the application certificates that you have defined yourself for specific configuration elements, for example, the application certificates for the OPC UA source systems or the server certificates of the OPC UA server. The main details are displayed for each certificate. The error icon at the beginning of each table row informs you of any issues with the respective certificate.

On the Trusted Certificates tab, you see, for each store location, the certificates that you trusted explicitly when configuring the connections by moving them from the store location for rejected certificates to the store location for trusted certificates. For each store location, you see the configuration elements that refer to this store location. You navigate to the store locations and to the configuration elements by clicking on a link or using the arrow button.

On the Trusted Issuer Certificates tab, you see, for each store location, the issuer of the certificates that you have trusted explicitly. The functions on this tab are analogous to those on the Trusted Certificates tab.

If no certificates are stored in the PCo configuration, a corresponding message is displayed instead of the certificate overview.