Opcua Ca-Signed Certificate Management - Honeywell CIU 888 Configuration Manual

NOTE: In case of a redundant system, above steps have to be done separately for
Part No.: 4417584_Rev12
Commissioning of a Standalone System Setup
CIUA and CIUB. Both certificates are different.

4.8.2 OPCUA CA-Signed Certificate Management

CA-signed certificate security flow involves the server and the client
certificates being signed by a Certificate Authority (CA). The trust is
established through the CA certificate that is used to sign the server and
client certificates. That is, the CA certificate used to sign the server
certificate needs to be added to trusted CA certificate store of the client
application and the CA certificate used to sign the client certificate
needs to be added to trusted CA certificate store of the server.
The following steps are involved in a CA-signed certificate security flow
in CIU 888:
1. Generate CSR (Certificate Signing Request) for CIU
2. Send the generated CSR to Certificate Authority for server certificate
signing. Request the following from the CA:
a) Signed CIU 888 Server certificate (.der)
b) Root CA certificate (.der)
c) Certificate Revocation List (CRL) (.crl)
3. Upload the received certificates to CIU.
Configuration Manual
CIU 888 4 - 12