Skip to main content
Version: 5.2

SSL Certificates

Obtaining an SSL Certificate

An SSL certificate is a digital document that verifies the identity of a website or server and enables an encrypted connection between the browser and server. To obtain an SSL certificate, you must submit a request to a Certificate Authority (CA) that issues and verifies the certificate. The CA checks if you are the legitimate owner of the domain for which you are requesting the certificate and then issues a certificate that you can install on your server. Some CAs offer free SSL certificates, while others charge a fee.

For internal use of OPC Router 5, a certificate from a Certificate Authority is not required; a self-signed certificate is sufficient.

Creating a Self-Signed SSL Certificate

warning

We recommend contacting your network administrator to obtain an SSL certificate with a private key. The certificate generated here allows an encrypted connection but cannot be used to verify the authenticity of the website.

You can easily create a self-signed SSL certificate using the alpine/openssl container.

note

If you are using a Linux distribution and already have OpenSSL installed on your system, you can use OpenSSL directly and do not need to use the alpine/openssl container with the steps described here.

docker run -it --name openssl alpine/openssl

This command creates a container named openssl from the alpine/openssl image. The combination of arguments -it opens the OpenSSL prompt of the container in the terminal where the command is executed, making the application directly accessible.

In the OpenSSL prompt, you can create an SSL certificate with a private key using the following command:

req -newkey rsa:2048 -nodes -keyout https.key -x509 -days 365 -out https.pem

When you run the command, you will be prompted for some information to be included in the certificate. After entering all the information, you can exit the prompt using the exit command.

The certificate (named https.pem) and the private key (named https.key) are now at the root level inside the container. You can copy them from the container to your local system (into the folder where you are running your terminal) using these two commands:

docker cp openssl:/https.pem ./https.pem
docker cp openssl:/https.key ./https.key

You can now remove the container with the command docker rm openssl.

Certificates in OPC Router

On how to import this new certificate in OPC Router read the article below.

Certificate management