articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md (6 additions & 6 deletions)
@@ -27,7 +27,7 @@ A deployed instance of Azure IoT Operations Preview. To deploy Azure IoT Operati
27
27
28
28
## Configure a self-signed application instance certificate
29
29
30
-
The default deployment of the connector for OPC UA installs all the resources needed by [cert-manager](https://cert-manager.io/) to create an OPC UA compliant certificate. A self-signed CA is used to sign this certificate. The application instance certificate is stored in the `aio-opc-opcuabroker-default-application-cert` secret while the CA certificate is stored in `aio-opc-opcuabroker-default-root-ca-cert` secret. `aio-opc-opcuabroker-default-application-cert` secret is mapped into all the connector for OPC UA pods and acts as the OPC UA client application instance certificate. `cert-manager` handles the automatic renewal of both application instance certificate and the self signed CA.
30
+
The default deployment of the connector for OPC UA installs all the resources needed by [cert-manager](https://cert-manager.io/) to create an OPC UA compliant certificate. A self-signed CA is used to sign this certificate. The application instance certificate is stored in the `aio-opc-opcuabroker-default-application-cert` secret while the CA certificate is stored in `aio-opc-opcuabroker-default-root-ca-cert` secret. The `aio-opc-opcuabroker-default-application-cert` secret is mapped into all the connector for OPC UA pods and acts as the OPC UA client application instance certificate. `cert-manager` handles the automatic renewal of both the application instance certificate and the self signed CA.
31
31
32
32
This configuration is typically sufficient for compliant and secure communication between your OPC UA servers and the connector for OPC UA in a demonstration or exploration environment. For a production environment, use enterprise grade application instance certificates in your deployment.
33
33
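Review bot: The rewritten paragraph at line 30 still ends with "the self signed CA", while the heading and the second sentence of the same paragraph use "self-signed"; hyphenate it here too. The same line also keeps "is stored in `aio-opc-opcuabroker-default-root-ca-cert` secret" without the article that this change adds in front of the other secret name, so "in the `aio-opc-opcuabroker-default-root-ca-cert` secret" would finish the cleanup.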
@@ -208,9 +208,9 @@ If your OPC UA server uses a certificate issued by a CA, but you don't want to t
208
208
209
209
## Configure your OPC UA server
210
210
211
-
To complete the configuration of the application authentication mutual trust, you need to configure your OPC UA server to trust the connector for OPC UA application instance certificate together with it's issuer trust chain:
211
+
To complete the configuration of the application authentication mutual trust, you need to configure your OPC UA server to trust the connector for OPC UA application instance certificate together with its issuer trust chain:
212
212
213
-
1. To extract the public key certificate for OPC UA connector into a `opcuabroker.crt` file, run the following command:
213
+
1. To extract the public key certificate for the OPC UA connector into a `opcuabroker.crt` file, run the following command:
214
214
215
215
# [Bash](#tab/bash)
216
216
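Review bot: Step 1 at line 213 now says "the OPC UA connector", but the intro sentence two lines above and the rest of the article call the component "the connector for OPC UA"; pick one name so readers do not wonder whether two components are involved. While touching the line, "into a `opcuabroker.crt` file" should read "into an `opcuabroker.crt` file".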
@@ -226,7 +226,7 @@ To complete the configuration of the application authentication mutual trust, yo
226
226
227
227
---
228
228
229
-
2. To extract the CA public key certificate for OPC UA connector into a `opcuabroker-ca.crt` file, run the following command:
229
+
1. To extract the CA public key certificate for the OPC UA connector into a `opcuabroker-ca.crt` file, run the following command:
230
230
231
231
# [Bash](#tab/bash)
232
232
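Review bot: Renumbering this step from "2." to "1." at line 229 makes the list depend on Markdown auto-numbering, which only continues across the tab block (`# [Bash](#tab/bash)` through `---`) if that block is indented under the preceding list item. Check the rich diff to confirm the steps still render as 1 through 4 rather than restarting at 1 after each tab group. The article also needs the same fix as in step 1: "into an `opcuabroker-ca.crt` file".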
@@ -242,14 +242,14 @@ To complete the configuration of the application authentication mutual trust, yo
242
242
243
243
---
244
244
245
-
3. Many OPC UA servers only support certificates in the DER format. If necessary, use the following command to convert the _opcuabroker.crt_ and _opcuabroker-ca.crt_ certificates to _opcuabroker.der_ and _opcuabroker-ca.der_:
245
+
1. Many OPC UA servers only support certificates in the DER format. If necessary, use the following command to convert the _opcuabroker.crt_ and _opcuabroker-ca.crt_ certificates to _opcuabroker.der_ and _opcuabroker-ca.der_:
246
246
247
247
```bash
248
248
openssl x509 -outform der -in opcuabroker.crt -out opcuabroker.der
249
249
openssl x509 -outform der -in opcuabroker-ca.crt -out opcuabroker-ca.der
250
250
```
251
251
252
-
4. Consult the documentation of your OPC UA server to learn how to add the `opcuabroker.crt` or `opcuabroker.der` certificate file to the server's trusted certificates list, respectively the `opcuabroker-ca.crt` or `opcuabroker-ca.der` CA certificate file into the server's trusted issuers list.
252
+
1. Consult the documentation of your OPC UA server to learn how to add the `opcuabroker.crt` or `opcuabroker.der` certificate file to the server's trusted certificates list, and the `opcuabroker-ca.crt` or `opcuabroker-ca.der` CA certificate file into the server's trusted issuers list.
253
253
254
254
## Configure an enterprise grade application instance certificate
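Review bot: Missing documentation around steps 3 and 4 (lines 245 and 252): the first section says cert-manager automatically renews both the application instance certificate and the CA, but this procedure exports a one-time copy of each into the server's trust lists and never says whether the export has to be repeated after a renewal. A sentence covering that would save readers from a silent trust failure later. Smaller wording points in the same hunk: step 3 says "the following command" above a block with two commands, the file names switch between backticks and italics, and step 4 mixes "to the server's trusted certificates list" with "into the server's trusted issuers list".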