Using self-signed certificates (Unified PC as OPC UA server)

This section describes how to provide the certificates for the following case:

  • A Unified PC is used as OPC UA server.
  • The OPC UA certificates of the OPC UA server and the client are self-signed.

Trusting the OPC UA client on the Unified OPC UA server

Before the first connection attempt

To trust the self-signed certificate before a connection has been established between server and client, follow these steps:

  1. Save the certificate of the OPC UA client to an external data storage medium.
  2. Connect the Unified PC to the external data storage medium.
  3. Open the Runtime Manager on the Unified PC.
  4. Import the OPC UA client certificate.

During the import, the certificate is automatically copied to the "trusted" folder of the certificate store. The Unified PC trusts the OPC UA client certificate when the next connection attempt is made.

After the first connection attempt

If a connection attempt has already been made between the client and server, the self-signed OPC UA client certificate is available on the Unified PC in the certificate store in the "untrusted" folder.

Follow these steps:

  1. Open the Runtime Manager on the Unified PC.
  2. Trust the OPC UA client certificate in the Runtime Manager. The certificate is moved to the "trusted" folder in the certificate store of the Unified PC. The Unified PC accepts the OPC UA client certificate when the next connection attempt is made.

Figure 1. Configure trusted certificates in SIMATIC Runtime Manager
Figure 2. Import trusted certificates.
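
A self-signed certificate has no issuing CA to validate against, so the check available before importing or trusting it is to compare its thumbprint with the one displayed on the OPC UA client. The following is an added example, not part of the original documentation or of any Siemens tool; it assumes the expected SHA-256 thumbprint was read off the client over a separate channel, and all function names and the sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes (a minimal ASN.1 SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def cert_der_bytes(raw: bytes) -> bytes:
    """Return the DER encoding of a certificate file given as PEM or DER."""
    match = PEM_RE.search(raw)
    if match:
        # PEM is base64-wrapped DER; b64decode discards the line breaks.
        return base64.b64decode(match.group(1))
    if not raw.startswith(b"\x30"):
        # An X.509 certificate is an ASN.1 SEQUENCE, so DER starts with 0x30.
        raise ValueError("not a PEM or DER certificate")
    return raw


def thumbprint(raw: bytes, algorithm: str = "sha256") -> str:
    """Hex thumbprint of the certificate, computed over its DER bytes."""
    return hashlib.new(algorithm, cert_der_bytes(raw)).hexdigest()


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return re.sub(r"[\s:-]", "", fingerprint).lower()


def matches_expected(raw: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """True only if the file's thumbprint equals the one read off the client."""
    actual = thumbprint(raw, algorithm)
    return hmac.compare_digest(actual.encode(), normalize(expected).encode())


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script <cert file> <thumbprint from client>
        raw, expected = open(sys.argv[1], "rb").read(), sys.argv[2]
    else:  # no arguments: run on the constructed sample
        raw, expected = SAMPLE_DER, thumbprint(SAMPLE_DER)
    ok = matches_expected(raw, expected)
    print("thumbprint matches" if ok else "MISMATCH: do not trust this certificate")
    sys.exit(0 if ok else 1)
```

Run it against the file on the external data storage medium before the import, or against the certificate that appeared after a connection attempt, and trust the certificate in the Runtime Manager only when the thumbprints match.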

To configure the WinCC OA client side, refer to OPC UA Certificates. That guide provides step-by-step instructions and detailed information on the OA configuration process.