When connecting atvise to an OPC UA data source, you can set security policies Basic128Rsa15, Basic256 or Basic256Sha256. For these cases, digital certificates must be installed correctly on both sides: at the atvise server and at the data source.
Open the user manual and go to the next section: atvise builder / Tree / My server / Handling data sources / Add OPC UA data source / Handling certificates. You will find 5 necessary steps to stablish the connection.
In this article, we are focusing only on the first step: to provide an SSL certificate to atvise. To do so, we are using the latest version of OpenSSL, just like the user manual recommends. Our example is for Windows 64 bits.
1. Download and install OpenSSL
You can use this link to download a light installer: https://slproweb.com/products/Win32OpenSSL.html
Go to the Download Win32/Win64 OpenSSL section in the web page and download Win64 OpenSSL last version Light edition:
After downloading it, install it as any other Windows application. If you leave the default options, OpenSSL should be located in this path: C:\Program Files\OpenSSL-Win64
2. Get ready
Create a folder in the Desktop called Certificates. We are going to place the certificates here. Afterwords, we are going to move them to the specific directories that atvise needs.
Open the Command Prompt as administrator and go to C:\Program Files\OpenSSL-Win64\bin, which is the directory where OpenSSL.exe is located.
3. Create key and certificate
In our example, we are going to create a certificate with the next parameters:
- Expiration: 730 days (2 years)
- No password
- RSA: 2048 bits
- Sha256
- Key name: key1.pem
- Certificate name: certificate1.pem
- No company information
- Domain: yourdomain.com
- Directory: C:\Users\YOUR_USER\Desktop\Certificates
Finally, we must run the next command to generate the self-signed certificate with all these options:
openssl req -x509 -sha256 -nodes -days 730 -newkey rsa:2048 -keyout C:\Users\YOUR_USER\Desktop\Certificates\key1.pem -out C:\Users\YOUR_USER\Desktop\Certificates\certificate1.der -subj /CN=*.yourdomain.com
4. Place both key and certificate in their corresponding directories
Now that we have both the key and the certificate generated, we should move them to the correct directories for atvise to use them:
- Key directory: C:\Program Files\atvise\PKI\CA\private
- Certificate directory: C:\Program Files\atvise\PKI\CA\certs
Now that we have created the key and the certificate, we must continue with the steps given in the user manual to stablish the secure OPC UA connection. So open again the atvise user manual and go to the next section: atvise builder / Tree / My server / Handling data sources / Add OPC UA data source / Handling certificates, and continue with steps 2, 3, 4 and 5.
Important: Keep in mind that these certificates are self signed. To apply this security properly in a production environment, a Certification Authority entity must sign the certificate.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article