Configuring the OPC UA Application Security
The security settings of the OPC UA application configuration file define how the certificates for this application are stored and other security policies related to certificates. Complete the following settings in the SecurityConfiguration section.
Certificate Store Settings
The settings define the storage type and location of the application, trusted, and rejected certificates.
| Setting | Value | Description |
|---|---|---|
| Application Certificate | Required settings: | Defines where the application instance certificate is stored. |
| Trusted Issuer Certificates | Required settings: | Defines where the certificates of trusted certificate authorities are stored. |
| Trusted Peer Certificates | Required settings: | Defines where the certificates of trusted peer applications (servers or clients) are stored. |
| Rejected Certificate Store | Required settings: | Defines the location of rejected certificates for later administrator review. |
| MaxRejectedCertificates | Default: 5 | Limits the number of stored rejected certificates. |
Other Security Settings
| Setting | Default | Description | Security Impact |
|---|---|---|---|
| AutoAcceptUntrustedCertificates | false | Automatically trust unknown certificates. | ⚠ CRITICAL: Use true only for development/debugging. |
| RejectSHA1SignedCertificates | true | Reject SHA-1 signed certificates. | ✅ SHA-1 is cryptographically broken. |
| RejectUnknownRevocationStatus | true | Reject certificates with unknown CRL/OCSP status. | ✅ Prevents revoked certificate usage. |
| MinimumCertificateKeySize | 2048 | Minimum RSA key size in bits. | ✅ 2048-bit minimum recommended. |
| AddAppCertToTrustedStore | false | Automatically trust own certificate. | Usually not needed. |
| SendCertificateChain | true | Send complete certificate chain. | ✅ Enables proper chain validation. |
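A check you can run against a configuration file before deploying it, added here as an example that is not part of this documentation or of the OPC UA stack: it parses the SecurityConfiguration section and reports every setting that deviates from the values recommended in the tables above (a missing setting is reported too, since it falls back to whatever the stack's default is). It assumes the configuration is an XML file whose child elements are named exactly like the settings; the WEAK_CONFIG sample is constructed for the demonstration, not taken from a real deployment.

```python
import xml.etree.ElementTree as ET

# Recommended values from the settings tables above; any deviation is a finding.
EXPECTED = {
    "AutoAcceptUntrustedCertificates": ("false", "unknown certificates are trusted automatically"),
    "RejectSHA1SignedCertificates": ("true", "SHA-1 signed certificates are accepted"),
    "RejectUnknownRevocationStatus": ("true", "unknown CRL/OCSP status is accepted"),
    "SendCertificateChain": ("true", "peers cannot validate the full chain"),
}
MIN_RSA_BITS = 2048  # MinimumCertificateKeySize recommendation from the table

def _local(tag):
    """Strip an XML namespace, e.g. '{urn:example}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def audit_security_configuration(xml_text):
    """Return (setting, observed_value, reason) tuples for weak or missing settings."""
    root = ET.fromstring(xml_text)
    # Accept the section on its own or embedded in a full configuration document.
    section = root if _local(root.tag) == "SecurityConfiguration" else next(
        (e for e in root.iter() if _local(e.tag) == "SecurityConfiguration"), None)
    if section is None:
        return [("SecurityConfiguration", None, "section missing")]
    values = {_local(c.tag): (c.text or "").strip().lower() for c in section}
    findings = []
    for name, (expected, reason) in EXPECTED.items():
        observed = values.get(name)
        if observed != expected:
            findings.append((name, observed, reason if observed is not None else "setting missing"))
    key_size = values.get("MinimumCertificateKeySize")
    if key_size is None or not key_size.isdigit() or int(key_size) < MIN_RSA_BITS:
        findings.append(("MinimumCertificateKeySize", key_size, f"below the {MIN_RSA_BITS}-bit RSA minimum"))
    return findings

# Constructed sample (assumption, not a real deployment file): a development-style
# configuration that still carries the weak settings.
WEAK_CONFIG = """<SecurityConfiguration>
  <AutoAcceptUntrustedCertificates>true</AutoAcceptUntrustedCertificates>
  <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
  <MinimumCertificateKeySize>1024</MinimumCertificateKeySize>
  <SendCertificateChain>true</SendCertificateChain>
</SecurityConfiguration>"""

if __name__ == "__main__":
    for setting, observed, reason in audit_security_configuration(WEAK_CONFIG):
        print(f"{setting}={observed!r}: {reason}")
```

Running it on the sample reports the auto-accept flag, the SHA-1 setting, the absent revocation check and the 1024-bit key size; a file that matches the tables produces no findings.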
What's Next?