Creating and exporting the client certificate

A certificate authenticates the display to the station that manages the device. You need a separate certificate for each display.

Prerequisites: You are working in Workbench connected to the station that manages the display device.

Perform the following steps:

To create a client certificate, expandConfig > Services > PlatformServices, double-click CertManagerService and click New.
The Generate Self Signed Certificate window opens.
Enter values for at least these required properties:
- Alias provides the certificate name. Enter it as “cert.” This is a required name.
- Common Name should match the display user you will set up with certificate authentication.
- Organization is your company.
- Country Code is the two-character ISO CODE you can find at countrycode.org.
Select Client for Certificate Usage and click OK.
The certificate appears in the User Key Store.
The next step exports the certificate so that you can associate it with the display user you just created.
To export the certificate, select it in the User Key Store and click Export.
The certificate file is located here: C:\Users\<your user>\<Niagara Version>\tridium\certManagement where:
- <your user> is your user name
- <Niagara Version> is the folder that contains the Niagara software
The Certificate Export window opens.
Do not export this certificate with its private key.
To continue, click OK, store the certificate’s .pem file where you can find it later and click OK again to close the Certificate Export window.

The next step sets up single sign-on in the AuthenticationService.