https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058677#M3335 <P>Thank you Ntripathi for the reply. I previously explained this to the customer as well—the certificate mechanism is designed this way for security and mutual trust. I understand now. Thank you for your assistance.</P> Mon, 16 Mar 2026 01:27:10 GMT WY_14406740 2026-03-16T01:27:10Z https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058256#M3324 <DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><OL><LI><P><FONT><FONT>使用者希望使用</FONT><FONT>有效期限為</FONT><STRONG><FONT>10 年或更長的</FONT></STRONG></FONT><STRONG><FONT><FONT>自簽名憑證</FONT></FONT></STRONG><FONT><FONT>。使用原有的</FONT><STRONG><SPAN class=""><SPAN class=""><FONT>KEPServerEX</FONT></SPAN></SPAN></STRONG><STRONG><FONT>客戶端</FONT></STRONG><FONT>時，只需</FONT><STRONG><FONT>一個憑證</FONT></STRONG><FONT>即可實現雙向通訊。然而，</FONT><FONT>由於架構較為複雜，</FONT><STRONG><FONT>目前似乎無法在多個系統間重複使用</FONT></STRONG><FONT>自簽名憑證。請確認</FONT><STRONG><FONT>自簽名客戶端憑證是否可以被多個伺服器使用</FONT></STRONG><FONT>。</FONT></FONT></P></LI><LI><P><SPAN class=""><SPAN class=""><FONT><FONT>OPC UA</FONT></FONT></SPAN></SPAN><FONT><FONT>證書會</FONT><FONT>自動續約或延長有效期限嗎？</FONT></FONT></P></LI><LI><P><FONT><FONT>如果</FONT></FONT><STRONG><FONT><FONT>用戶端憑證過期</FONT></FONT></STRONG><FONT><FONT>，是否會影響現有系統？例如，是否會導致</FONT><FONT>EAP</FONT></FONT><STRONG><SPAN class=""><SPAN class=""><FONT><FONT>無法</FONT></FONT></SPAN></SPAN><FONT><FONT>連線</FONT></FONT></STRONG><FONT><FONT>等問題？</FONT></FONT></P></LI></OL><P>&nbsp;</P><UL><LI><P>The user would like to use a <STRONG>self-signed certificate</STRONG> with a validity period of <STRONG>10 years or longer</STRONG>. With the original <STRONG><SPAN class=""><SPAN class="">KEPServerEX</SPAN></SPAN> client</STRONG>, only <STRONG>one certificate</STRONG> is needed for mutual communication.<BR />However, it seems that a self-signed certificate <STRONG>cannot currently be reused across multiple systems</STRONG>, possibly due to the more complex architecture. Please confirm whether a <STRONG>self-signed client certificate can be used by multiple servers</STRONG>.</P></LI><LI><P>Will **<SPAN class=""><SPAN class="">OPC UA</SPAN></SPAN> certificates automatically renew or extend their validity period?</P></LI><LI><P>If the <STRONG>client certificate expires</STRONG>, will it affect the existing system? For example, could it cause issues such as <STRONG><SPAN class=""><SPAN class="">EAP</SPAN></SPAN> being unable to connect</STRONG>?</P></LI></UL><BR /><P>&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV> Thu, 12 Mar 2026 03:50:06 GMT https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058256#M3324 WY_14406740 2026-03-12T03:50:06Z https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058573#M3329 <P>Greetings&nbsp;<a href="https://www.ptcusercommunity.com/t5/user/viewprofilepage/user-id/1062641">@WY_14406740</a>,</P><P>&nbsp;</P><P>I hope this email finds you well.</P><P>&nbsp;</P><DIV><P>I am writing to inform you that the OPC UA certificate generated by the Kepware Server is created by default with a validity period of 3 years. After this 3‑year period, the certificate cannot be extended and must be reissued. For detailed information, please refer to the article&nbsp;<A href="https://www.ptc.com/en/support/article/CS368928?as=1" target="_blank">Article - CS368928 - Is it possible to extend the expiration of OPC UA certificate generated by Kepware?</A></P><P>&nbsp;</P><P>Please note the following important points:</P><P>&nbsp;</P><UL><LI><P>OPC UA certificates do not renew automatically.<BR />There is no built‑in mechanism in Kepware or OPC UA to extend or auto‑renew an existing certificate.</P></LI><LI><P>When an OPC UA client certificate expires, the secure connection will fail immediately.</P></LI></UL></DIV><DIV><DIV>&nbsp;</DIV><DIV>Thanks<BR />Naveen</DIV></DIV><P><SPAN>&nbsp;</SPAN></P> Fri, 13 Mar 2026 16:32:34 GMT https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058573#M3329 ntripathi 2026-03-13T16:32:34Z https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058587#M3334 <P>Hello&nbsp;<a href="https://www.ptcusercommunity.com/t5/user/viewprofilepage/user-id/1062641">@WY_14406740</a>,</P><P>&nbsp;</P><DIV>I would like to inform you that self‑signed certificates cannot typically be used across multiple servers. In most environments, self‑signed certificates operate on a one‑to‑one trust relationship, meaning each server generally requires its own certificate to establish a secure and trusted connection.</DIV><DIV>&nbsp;</DIV><DIV><DIV>Whether a certificate can be reused depends on the issuing Certificate Authority (CA).</DIV></DIV> Fri, 13 Mar 2026 19:23:28 GMT https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058587#M3334 ntripathi 2026-03-13T19:23:28Z https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058677#M3335 <P>Thank you Ntripathi for the reply. I previously explained this to the customer as well—the certificate mechanism is designed this way for security and mutual trust. I understand now. Thank you for your assistance.</P> Mon, 16 Mar 2026 01:27:10 GMT https://www.ptcusercommunity.com/t5/Kepware/Kepware-OPCUA-certificate/m-p/1058677#M3335 WY_14406740 2026-03-16T01:27:10Z