articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md
5 additions & 5 deletions
@@ -40,7 +40,7 @@ To connect to an asset, first you need to establish the application authenticati
40
40
> [!TIP]
41
41
> Typically, an OPC UA server has an interface that lets you export its application instance certificate. This interface isn't standardized. For servers such as KEPServerEx, there's a Windows-based configuration UI for certificates management. Other servers might have a web interface or use operating system folders to store the certificates. Refer to the user manual of your server to find out how to export the application instance certificate. After you have the certificate, make sure it's either DER or PEM encoded. Typically stored in files with either the .der or .crt extension. If the certificate isn't in one of those file formats, use a tool such as `openssl` to transform the certificate into the required format.
42
42
43
-
1. Add the OPC UA server's application instance certificate in the trusted certificates list. This list implemented as a kubernetes native secret, named:*aio-opc-ua-broker-trust-list*which is created when Azure IoT Operations is deployed.
43
+
1. Add the OPC UA server's application instance certificate to the trusted certificates list. This list is implemented as a Kubernetes native secret named *aio-opc-ua-broker-trust-list*that's created when you deploy Azure IoT Operations.
44
44
45
45
# [Bash](#tab/bash)
46
46
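Review bot: The new step text is still missing a space after the closing asterisk in "*aio-opc-ua-broker-trust-list*that's", so the secret name will run into the next word when rendered; the removed line had the same defect on both sides of the name ("named:*aio-opc-ua-broker-trust-list*which"). Suggest "named *aio-opc-ua-broker-trust-list* that's created when you deploy Azure IoT Operations." While this paragraph is open, the TIP above it contains the fragment "Typically stored in files with either the .der or .crt extension." and "certificates management", which could be fixed in the same pass.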
@@ -86,7 +86,7 @@ To trust a CA, complete the following steps:
86
86
87
87
1. Get the CA certificate public key encode in DER or PEM format. These certificates are typically stored in files with either the .der or .crt extension. Get the CA's CRL. This list is typically in a file with the .crl. Check the documentation for your OPC UA server for details.
88
88
89
-
1. Save the CA certificate and the CRL in the *aio-opc-ua-broker-trust-list* kubernetes native secret.
89
+
1. Save the CA certificate and the CRL in the *aio-opc-ua-broker-trust-list* Kubernetes native secret.
90
90
91
91
# [Bash](#tab/bash)
92
92
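Review bot: The step directly above the edited line still reads "Get the CA certificate public key encode in DER or PEM format" and "This list is typically in a file with the .crl.", and this change only fixes the capitalization of Kubernetes below it. Since the two steps are read together, suggest correcting "encode" to "encoded" and completing the sentence as "a file with the .crl extension" in the same commit.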
@@ -148,7 +148,7 @@ If your OPC UA server uses a certificate issued by a CA, but you don't want to t
148
148
149
149
1. Trust the OPC UA server's application instance certificate by following the first three steps in the previous section.
150
150
151
-
1. Besides the certificate itself, the connector for OPC UA needs the CA certificate to properly validate the issuer chain of the OPC UA server's certificate. Add the CA certificate and its certificate revocation list (CRL) to a separate list called `aio-opc-ua-broker-issuer-list`implemented as a kubernetes secret.
151
+
1. Besides the certificate itself, the connector for OPC UA needs the CA certificate to properly validate the issuer chain of the OPC UA server's certificate. Add the CA certificate and its certificate revocation list (CRL) to a separate list called *aio-opc-ua-broker-issuer-list* that's implemented as a Kubernetes secret.
152
152
153
153
1. Save the CA certificate and the CRL in the `aio-opc-ua-broker-issuer-list` secret.
154
154
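Review bot: The edited step now italicizes *aio-opc-ua-broker-issuer-list*, but the very next step still writes the same secret name in code formatting (`aio-opc-ua-broker-issuer-list`), so the two adjacent list items disagree. Pick one convention for resource names and apply it to both lines. The two steps also say nearly the same thing ("Add the CA certificate and its certificate revocation list (CRL) to a separate list" followed by "Save the CA certificate and the CRL in the ... secret"); consider making the first one explanatory text and keeping only the second as the numbered action.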
@@ -251,7 +251,7 @@ The following example references the following items:
251
251
252
252
Like the previous examples, you use a dedicated Kubernetes secret to store the certificates and CRLs. To configure the enterprise grade application instance certificate, complete the following steps:
253
253
254
-
1. Save the certificates and the CRL in `aio-opc-ua-broker-client-certificate` secret by using the following command:
254
+
1. Save the certificates and the CRL in the *aio-opc-ua-broker-client-certificate* secret by using the following command:
255
255
256
256
# [Bash](#tab/bash)
257
257
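Review bot: The introductory sentence above the edited step says "enterprise grade application instance certificate" without a hyphen, while the file names used later in this section are spelled "enterprise-grade-..."; suggest "enterprise-grade application instance certificate" for consistency. On the edited line itself, "Save the certificates and the CRL" does not say which certificates are meant; naming them here would help a reader confirm that only the intended files end up in the *aio-opc-ua-broker-client-certificate* secret.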
@@ -277,7 +277,7 @@ Like the previous examples, you use a dedicated Kubernetes secret to store the c
277
277
278
278
---
279
279
280
-
2. If you use the CA to issue certificates for your OPC UA Broker, configure `aio-opc-ua-broker-issuer-list` secret. Use a Kubernetes client such as `kubectl` to configure the secrets `enterprise-grade-ca-1.der` and `enterprise-grade-ca-1.crl`
280
+
2. If you use the CA to issue certificates for your OPC UA broker, configure the *aio-opc-ua-broker-issuer-list* secret. Use a Kubernetes client such as `kubectl` to configure the secrets *enterprise-grade-ca-1.der* and *enterprise-grade-ca-1.crl*:
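Review bot: The new sentence calls *enterprise-grade-ca-1.der* and *enterprise-grade-ca-1.crl* "secrets", but by their extensions and the earlier steps these are the CA certificate and CRL files that go into the *aio-opc-ua-broker-issuer-list* secret, not secrets themselves. Suggest wording such as "Use a Kubernetes client such as `kubectl` to add the files enterprise-grade-ca-1.der and enterprise-grade-ca-1.crl to the secret:". Note also that this line moves file names from code formatting to italics, which is inconsistent with the `kubectl` literal in the same sentence.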