Regarding the current default certificate issue: How to get the required knowledge?
First please have a look at this information.
We strongly recommend that the ones responsible for security/operations in a project get knowledge about certificates in general as they play an important part in nowadays security standards.
Even independent from WinCC OA that is.
We acknowledge that certificates in general is a rather complex matter.
Therfore we help you out with a detailed description in this presentation or in our product help.
If you want a deep dive into security or want more guidance in aquiring the necessary knowledge we also offer a special security training.
If all of that that is not feasible for you or time does not permit, we additionally offer the – not recommended - poor-man but still valid solution of just replacing the existing default certificates with newer default certificates.
This means that just a handful of files need to be replaced in the file system of the project. But keep in mind that even those will expire eventually even if that will be in 2050.
These files are available here.