Managing OPC UA Certificates¶
Certificates are required when connecting to an OPC UA server that uses Sign or Sign and Encrypt security mode. They establish a trusted identity between the Enture edge device and the OPC UA server.
Two files are typically needed:
| File | Purpose |
|---|---|
| OPC Certificate | The public certificate (.pem) used to identify the client to the OPC UA server |
| Private Key | The private key (.pem) paired with the certificate |
Both files must be uploaded to the platform before you can select them when creating a Virtual Device.
Note
If your OPC UA server uses Anonymous or Username & Password authentication with no security policy, you do not need to upload a certificate.
Before you begin¶
- You need Engineer access on the platform to upload certificates.
- Obtain the certificate and private key files from your OPC UA server administrator or generate them using your preferred PKI tooling.
Uploading a certificate¶
- In the top navigation bar, open the Settings menu (gear icon).
- Under Configurations, click Assets.
- In the sidebar, click Certificates.
- Click the + button in the top-right corner.
- In the dialog that appears:
- Enter a Certificate Name — a label to identify this certificate in the platform (e.g.
OPC-Server-Cert). - Click the file area or drag and drop your
.pemfile to select it. - Click Upload.
The certificate now appears in the list and is available for selection when configuring a Virtual Device.
Viewing certificates¶
The Certificates page shows all certificates uploaded to your organisation:
| Column | Description |
|---|---|
| Name | The label you gave the certificate at upload time |
| Uploaded On | Date and time the certificate was uploaded |
| Resource ID | A unique identifier for the certificate, used internally |
Note
Certificates cannot be downloaded from the UI. They are automatically and securely distributed to the edge device when needed. This is by design to prevent private key exposure.
Next step¶
Once your certificates are uploaded, proceed to Creating a Virtual Device and select the certificates in the security configuration section.