Bind an SSL certificate to a workstation server port

  1. Using MMC, import the certificate.
    Refer to Microsoft instructions on installing a root certificate and to the import instructions provided by the certificate provider.
  2. Delete the previous certificate binding:

    netsh http delete sslcert ipport=0.0.0.0:[PORT]

    The port is 9408 by default.
  3. Bind the certificate to the port:

    netsh http add sslcert ipport=0.0.0.0:[PORT] certhash=[CERTHASH] certstorename=Root appid=[APPGUID]

    The [CERTHASH] parameter specifies the thumbprint of the certificate. [APPGUID] is the GUID to identify the owning application. Follow these steps to retrieve a certificate thumbprint.
    1. Open the Microsoft Management Console (MMC) snap-in for certificates.
    2. In the Console Root window's left pane, click Certificates (Local Computer).
    3. Click Trusted Root Certification Authorities to expand it.
    4. Click the Certificates folder to expand it.
    5. In the list of certificates, find the certificate you imported as part of this procedure.
    6. Double-click the certificate.
    7. In the Certificate dialog box, click the Details tab.
    8. Scroll through the list of fields and click Thumbprint.
    9. Copy the hexadecimal characters from the box. Remove the spaces between the hexadecimal numbers. For example, the thumbprint a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b should be specified as a909502dd82ae41433e6f83886b00d4277a32a7b in code.
  4. Verify that the SSL certificate binding has been established:

    netsh http show sslcert ipport=0.0.0.0:[PORT]

    The software displays the SSL certificate bindings.
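
Steps 2 to 4 above as one script for an elevated PowerShell session. This is an added example, not part of the product documentation; the parameter names and the pre-checks (thumbprint length, presence in the store, expiry, private key) are assumptions of this example.

```powershell
# Added example: run from an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # text copied from the MMC Thumbprint field
    [Parameter(Mandatory)] [guid]   $AppGuid,     # [APPGUID] of the owning application
    [int] $Port = 9408                            # default port named in this procedure
)

# Keep hex digits only: removes the spaces and any invisible characters
# that come along when the value is copied out of the certificate dialog.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
if ($hash.Length -ne 40) {
    throw "Expected 40 hex digits (SHA-1 thumbprint), got $($hash.Length)."
}

# Confirm the certificate is in the store that certstorename=Root points at.
$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
if (-not $cert) { throw "Thumbprint $hash not found in LocalMachine\Root." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; the server cannot use it for TLS.' }

$ipport = "0.0.0.0:$Port"

# Step 2: remove the previous binding (reports an error if none exists; that is fine).
netsh http delete sslcert ipport=$ipport | Out-Null

# Step 3: bind the certificate. netsh expects the GUID wrapped in braces.
netsh http add sslcert ipport=$ipport certhash=$hash certstorename=Root "appid={$AppGuid}"
if ($LASTEXITCODE -ne 0) { throw "netsh add sslcert failed (exit code $LASTEXITCODE)." }

# Step 4: verify that the binding now reports the expected certificate hash.
$shown = netsh http show sslcert ipport=$ipport
if (-not ($shown -match $hash)) { throw "Binding on $ipport does not show hash $hash." }
$shown
```

Stripping everything that is not a hex digit matters because a thumbprint pasted from the certificate dialog can carry a hidden leading character that makes netsh reject an otherwise correct hash.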