4-Participant
March 12, 2026
Solved

Kepware OPCUA certificate


 

  • The user would like to use a self-signed certificate with a validity period of 10 years or longer. With the original KEPServerEX client, only one certificate is needed for mutual communication.
    However, it seems that a self-signed certificate cannot currently be reused across multiple systems, possibly due to the more complex architecture. Please confirm whether a self-signed client certificate can be used by multiple servers.

  • Will OPC UA certificates automatically renew or extend their validity period?

  • If the client certificate expires, will it affect the existing system? For example, could it cause issues such as EAP being unable to connect?


 


1 reply

15-Moonstone
March 13, 2026

Greetings @WY_14406740,

 

I hope this email finds you well.

 

I am writing to inform you that the OPC UA certificate generated by the Kepware Server is created by default with a validity period of 3 years. After this 3‑year period, the certificate cannot be extended and must be reissued. For detailed information, please refer to article CS368928, "Is it possible to extend the expiration of OPC UA certificate generated by Kepware?"

 

Please note the following important points:

 

  • OPC UA certificates do not renew automatically.
    There is no built‑in mechanism in Kepware or OPC UA to extend or auto‑renew an existing certificate.

  • When an OPC UA client certificate expires, the secure connection will fail immediately.

 
Thanks
Naveen
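
Because the certificates do not renew themselves and an expired client certificate breaks the secure connection, an expiry report lets the reissue be scheduled ahead of time. The script below is an added example, not part of the replies in this thread and not PTC code; the folder layout, the 90-day warning window and the function name are assumptions, and it expects PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example: report OPC UA certificates that are expired or close to expiry.
# -CertDir is a hypothetical folder holding certificates exported as .der/.cer/.crt.
function Get-CertExpiryReport {
    param(
        [Parameter(Mandatory)] [string] $CertDir,
        [int] $WarnDays = 90          # assumed warning window, adjust to your change process
    )
    $now = Get-Date
    Get-ChildItem -Path $CertDir -File |
        Where-Object { $_.Extension -in '.der', '.cer', '.crt' } |
        ForEach-Object {
            $file = $_                # keep the file; $_ is the error record inside catch
            try {
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
            } catch {
                Write-Warning "Cannot parse $($file.Name): $($_.Exception.Message)"
                return                # skip this file, continue with the next one
            }
            $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
            $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'REISSUE SOON' } else { 'OK' }
            [pscustomobject]@{
                File       = $file.Name
                Subject    = $cert.Subject
                SelfSigned = ($cert.Subject -eq $cert.Issuer)   # self-signed: subject equals issuer
                Thumbprint = $cert.Thumbprint                   # identifies the certificate each peer must trust
                NotAfter   = $cert.NotAfter
                DaysLeft   = $daysLeft
                Status     = $status
            }
        }
}

# Constructed sample input: a throwaway self-signed certificate valid for 30 days,
# written to a temporary folder so the report can be tried offline.
$demoDir = Join-Path ([IO.Path]::GetTempPath()) 'opcua-cert-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-opcua-client', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
[IO.File]::WriteAllBytes((Join-Path $demoDir 'client.der'), $demo.Export('Cert'))

# The sample certificate falls inside the 90-day window, so Status is 'REISSUE SOON'.
Get-CertExpiryReport -CertDir $demoDir | Format-Table File, SelfSigned, NotAfter, DaysLeft, Status
```

Pointing `-CertDir` at a folder of exported client and server certificates and running it on a schedule gives advance notice before a reissue is due.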

 

ntripathi (Answer)
15-Moonstone
March 13, 2026

Hello @WY_14406740,

 

I would like to inform you that self‑signed certificates cannot typically be used across multiple servers. In most environments, self‑signed certificates operate on a one‑to‑one trust relationship, meaning each server generally requires its own certificate to establish a secure and trusted connection.
 
Whether a certificate can be reused depends on the issuing Certificate Authority (CA).
4-Participant
March 16, 2026

Thank you Ntripathi for the reply. I previously explained this to the customer as well—the certificate mechanism is designed this way for security and mutual trust. I understand now. Thank you for your assistance.