You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-operations/secure-iot-ops/howto-manage-certificates.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ ms.date: 05/20/2025
14
14
Azure IoT Operations uses TLS to encrypt communication between all components. This article describes how to manage certificates for internal and external communications, and how to bring your own certificate authority (CA) issuer for a production deployment.
15
15
16
16
> [!TIP]
17
-
> If you're looking for information about how to manage certificates for the connector for OPC UA, see [OPC UA certificates infrastructure for the connector for OPC UA](../discover-manage-assets/overview-opcua-broker-certificates-management.md).
17
+
> If you're looking for information about how the connector for OPC UA uses certificates to establish mutual trust with an OPC UA server, see [OPC UA certificates infrastructure for the connector for OPC UA](../discover-manage-assets/overview-opcua-broker-certificates-management.md).
18
18
19
19
## Prerequisites
20
20
@@ -93,7 +93,7 @@ To help you get started, Azure IoT Operations is deployed with a default self-si
93
93
status: "True"
94
94
type: Ready
95
95
```
96
-
### Bring your own issuer
96
+
## Bring your own issuer
97
97
98
98
For production deployments, we recommend that you set up Azure IoT Operations with an enterprise PKI to manage certificates and that you bring your own issuer which works with your enterprise PKI instead of using the default self-signed issuer to issue TLS certificates for internal communication.
99
99
@@ -151,11 +151,11 @@ To set up Azure IoT Operations with your own issuer, use the following steps **b
151
151
152
152
The certificate management experience for external communications uses Azure Key vault as the managed vault solution on the cloud. Certificates are added to the key vault as secrets and synchronized to the edge as Kubernetes secrets via [Azure Key Vault Secret Store extension](/azure/azure-arc/kubernetes/secret-store-extension).
153
153
154
-
The OPC UA client application authentication, leverages the current certificate management experience forexternal communications. When you [deploy Azure IoT Operations with secure settings](../deploy-iot-ops/overview-deploy.md#secure-settings-deployment), you can start adding certificates to Azure Key Vault, and sync them to the edge to be usedin the *Trust list* and *Issuer list* stores for OPC UA connections:
154
+
For example, the connector forOPC UA uses the certificate management experience to configure OPC UA client application authentication to an external OPC UA server. When you [deploy Azure IoT Operations with secure settings](../deploy-iot-ops/overview-deploy.md#secure-settings-deployment), you can start adding certificates to Azure Key Vault, and sync them to the edge to be usedin the *Trust list* and *Issuer list* stores for OPC UA connections:
155
155
156
156
**************TODO: Screenshot of upload/add from AKV page****************
157
157
158
-
- **Upload Certificate**: Uploads a certificate which is then added as a secret to Azure Key Vault and automatically synchronized to the edge using Secret Store Extension.
158
+
- **Upload Certificate**: Uploads a certificate which is then added as a secret to Azure Key Vault and automatically synchronized to the edge using Secret Store extension.
159
159
160
160
> [!TIP]
161
161
> View the certificate once uploaded to ensure you have uploaded the correct certificate before adding to Azure Key Vault and synchronizing to edge.
0 commit comments