Creating operational certificates

You create an operational certificate, which can be a client or a server certificate within a secure connect network.
Prerequisites: You have the required authority to create certificates. You are working on the device for which you want to create operational certificates.
Client certificates and server certificates differ in their roles. Client certificates are used for nodes (ports) that do not have a hub function; such nodes can only initiate, not accept, a connection to a hub function or direct connections to the node switch. You cannot use a client certificate in the web service for accepting connections. Server certificates created by Niagara’s certificate tools can be used for nodes (hub ports) that can also host a hub, which means that they can initiate and accept a local connection to themselves and accept hub or direct connections from other nodes.

This procedure uses Niagara’s tools running on a PC or remote-controlled station.

Perform the following steps:
  1. Do one of the following:
    • Connect to your platform and double-click Certificate Management in the Nav Container View.
    • In the Platform Nav tree, double-click Certificate Management.
    • Connect to your station, expand Config > Services > PlatformServices and double-click CertManagerService.
    The Certificate Management view for the device opens to the User Key Store for the platform stores.

    These certificate management stores are for the PC or controller platform and station. They are different from the stores for Workbench.

  2. To create an operational certificate, click New.
    The Generate Self Signed Certificate window opens.
  3. Fill in all required information and click OK:
    • Use Alias to identify this as an operational certificate (client or server certificate).
    • The Common Name (CN) becomes the Subject, also known as the Distinguished Name. For an operational certificate, the Common Name (CN) may be the same as the Alias. If you use hostname validation, it’s recommended that the Common Name is identical to the hostname or IP address of the device on which this certificate is generated.
    • Organization is the name of the company.
    • Although Locality and State/Province are not required, leaving them blank generates a warning message.
    • The two-character Country Code must be a value such as: US, FR, DE. Refer to the ISO CODE column at countrycode.org.
    • For certificate Usage, select Client or Server.
    Your newly created operational certificate is now added to the User Key Store, from which you can generate a certificate signing request (CSR) for this certificate.