Development Environment Security Certificates being prepared for Production?

Hi Kien Mac ,

A certificate is bound with machine name not IP. So, you need to update the DNS list in the restored SCADA project matching the machine names in the production environment.

Below are the list of key points around certificates and authentications and hope it would help.

• Only one System Management Server is required in a Plant SCADA system
• A domain user needs to be used to configure System Management Server
• A self-signed certificate will be issued by SMS to a client node once the client is configured to connect to the SMS
• A self-signed OPC UA server certificate will be issued and saved in the local store when PCS Runtime component is installed.
• Deployment Server and SMS can be installed on the same machine or distributed on different machines
• The same domain user should be used in configuration of deployment server and to authorize client registrations.
• All server nodes need running in the service mode in order to access the certificate private key
• SMS also play the role of token host. AIG or OPC UA users will be authenticated via this token service. It is noted that only domain users can be authenticated in a distributed system.

Thanks Jacky.

Thanks Jacky.