Start a topic
With the exception of Windchill, The PTC Community is on read-only status until April 6 in preparation for moving our community to a new platform. Learn more here
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ThingWorx Navigate is now Windchill Navigate Learn More

Translate the entire conversation x

Kepware OPCUA certificate

Go to solution
WY_14406740
4-Participant
4-Participant
‎Mar 11, 2026 11:48 PM
‎Mar 11, 2026 11:48 PM

Kepware OPCUA certificate

  1. 使用者希望使用有效期限為10 年或更長的自簽名憑證。使用原有的KEPServerEX客戶端時,只需一個憑證即可實現雙向通訊。然而,由於架構較為複雜,目前似乎無法在多個系統間重複使用自簽名憑證。請確認自簽名客戶端憑證是否可以被多個伺服器使用

  2. OPC UA證書會自動續約或延長有效期限嗎?

  3. 如果用戶端憑證過期,是否會影響現有系統?例如,是否會導致EAP無法連線等問題?

 

  • The user would like to use a self-signed certificate with a validity period of 10 years or longer. With the original KEPServerEX client, only one certificate is needed for mutual communication.
    However, it seems that a self-signed certificate cannot currently be reused across multiple systems, possibly due to the more complex architecture. Please confirm whether a self-signed client certificate can be used by multiple servers.

  • Will **OPC UA certificates automatically renew or extend their validity period?

  • If the client certificate expires, will it affect the existing system? For example, could it cause issues such as EAP being unable to connect?


 

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
ntripathi
15-Moonstone
15-Moonstone
(To:ntripathi)
‎Mar 13, 2026 03:23 PM
‎Mar 13, 2026 03:23 PM

Hello @WY_14406740,

 

I would like to inform you that self‑signed certificates cannot typically be used across multiple servers. In most environments, self‑signed certificates operate on a one‑to‑one trust relationship, meaning each server generally requires its own certificate to establish a secure and trusted connection.
 
Whether a certificate can be reused depends on the issuing Certificate Authority (CA).

View solution in original post

Notify Moderator
3 REPLIES 3
ntripathi
15-Moonstone
15-Moonstone
(To:WY_14406740)
‎Mar 13, 2026 12:32 PM
‎Mar 13, 2026 12:32 PM

Greetings @WY_14406740,

 

I hope this email finds you well.

 

I am writing to inform you that the OPC UA certificate generated by the Kepware Server is created by default with a validity period of 3 years. After this 3‑year period, the certificate cannot be extended and must be reissued. For detailed information, please refer to the article Article - CS368928 - Is it possible to extend the expiration of OPC UA certificate generated by Kepware?

 

Please note the following important points:

 

  • OPC UA certificates do not renew automatically.
    There is no built‑in mechanism in Kepware or OPC UA to extend or auto‑renew an existing certificate.

  • When an OPC UA client certificate expires, the secure connection will fail immediately.

 
Thanks
Naveen

 

0 Kudos
Notify Moderator
ntripathi
15-Moonstone
15-Moonstone
(To:ntripathi)
‎Mar 13, 2026 03:23 PM
‎Mar 13, 2026 03:23 PM

Hello @WY_14406740,

 

I would like to inform you that self‑signed certificates cannot typically be used across multiple servers. In most environments, self‑signed certificates operate on a one‑to‑one trust relationship, meaning each server generally requires its own certificate to establish a secure and trusted connection.
 
Whether a certificate can be reused depends on the issuing Certificate Authority (CA).
Notify Moderator
WY_14406740
4-Participant
4-Participant
(To:ntripathi)
‎Mar 15, 2026 09:27 PM
‎Mar 15, 2026 09:27 PM

Thank you Ntripathi for the reply. I previously explained this to the customer as well—the certificate mechanism is designed this way for security and mutual trust. I understand now. Thank you for your assistance.

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags