Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Managing Matrikon UA Explorer Certificates

            Created by Luis R. Aldoma, Modified on Thu, 16 Mar 2023 at 07:55 AM by Luis R. Aldoma

            As in every OPC UA link, Matrikon  UA Explorer relies in a certificate exchange between server and client, this is because OPC UA goes thru a SSL socket, so this certificate exchange is what allows SSL protocol to stablish the socket for the data exchange.


            the way this works is:




            • The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
            • The client receives the server's X.509 digital certificate.
            • The client authenticates the server, using a list of known certificate authorities.
            • The client generates a random symmetric key and encrypts it using server's public key.
            • The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.

            In order to access the received certificate servers and clients need to knows where is this certificate stored, and sometimes having the certificate in the windows certificate store is not enough, because the software will look for the certificate in his own defined folder


            There are two folders relevant in this case, the "Trusted" certificate folder ehere the software will save the certificates from the computers it trust and it knows. And the "Rejected" certificates folder, where ALL the received certificates will be stored at arrival until someone (the user) authorizes the use of that certificate (when the exchange is automated), in cases where the server admin gives us the certificate to manually install it in our computer we need to save it in the "trusted" folder.


            In the specific case of MatrikonOPC Ua Explorer, there is an automated certificate exchange between server and client, so we need to move the arriving certificate from one folder to another manually.


            The folders are located in:


            C:\Users\Administrator\AppData\Local\Matrikon\OPCUAExplorer\pki\DefaultApplicationGroup\rejected\certs
            C:\Users\Administrator\AppData\Local\Matrikon\OPCUAExplorer\pki\DefaultApplicationGroup\trusted\certs


            Remember that in the server side you need to do the same because the OPC UA server will need to trust the client because sometimes during the data transfer, the communication will be started from the server side to the client side and the socket will need to be established. And every server has his own way to accept and store the certificate, in some cases importing manually the client certificate and registering it in the windows certificate store will do the trick for you.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0