Recommended verifications

The platform and the station share the same certificate management stores, while the Workbench application has its own stores. Once you have set up certificates, confirm that the stores contain the certificates you expect.

Verify that the new certificates are installed into Certificate Management.

From the remote controller platform, double-click on Certificate Management and verify that the certificates were installed:

The new server certificate appears in the User Key Store.
The new root CA certificate appears in the User Trust Store. This is a copy of the root CA certificate exported with its public key.

From the Workbench, click Tools > Certificate Management.

Confirm that the new root CA certificate created by this instance of the Workbench (for use by the wizard) is found in the User Key Store. of the Workbench, alongside the self-signed tridium server certificate. The Workbench is a client when connecting to platforms and stations, so it is worth pointing out that this is not a Server Certificate. The root CA certificate is available to the Workbench for use in signing server certificates.
Notice that the root CA certificate was not imported into the User Trust Store of the Workbench by the Certificate Wizard. You need to import the root CA certificate into this location to ensure that this instance of the Workbench can validate server certificates while handshaking with platforms and stations on the network.
To do this within Certificate Management: Click Import, locate and select the new root CA certificate in ~certManagement, and click OK.

Verify that the TLS level for each of the following is set to TLSv1.2:

Platform TLS Settings — Using the Platform Administration tool, view the Change TLS Settings option and verify the Protocol value.
Station Web Service — In a station connection open a Property Sheet view on the Web Service and verify the Https Min Protocol property value.
Station Fox Service — Open a Property Sheet view on the Fox Service and verify the Foxs Min Protocol property value.

Additional recommendations

If you are currently reading the Niagara Platform Guide, typically, you need to select the appropriate Server Certificate for use in secure platform and station connections.

Set the new server certificate to be used for secure platform (niagarad) communications. For details, refer to the procedure, “Configuring secure platform communication” in the Niagara Station Security Guide.
Set the new Server Certificate to be used for secure station communications via Fox and Web Services. For details, refer to the following procedure, “Configuring secure station communications” in the Niagara Station Security Guide.