The platform-specific certificate stores are implemented and maintained by the operating system or the runtime. As explained in OPC UA Certificate Stores, you specify the platform-specific certificate store by starting the certificate store path by either "LocalMachine\" or "CurrentUser\".
- If the string starts with "LocalMachine\" (case insensitive), it denotes a platform-specific certificate store for the local computer. Commonly used examples are: "LocalMachine\My", "LocalMachine\UA Applications" or "LocalMachine\UA Certificate Authorities".
- If the string starts with "CurrentUser\" (case insensitive), it denotes a platform-specific certificate store for the current user. Commonly used examples are: "CurrentUser\My" or "CurrentUser\Root".
The store name follows the prefix.
Some older code or documentation might use the term "Windows certificate store" for certificate stores that can, in fact, now be implemented also on other platforms, such as Linux or macOS. This is due to the Windows origins of such code or documentation. As QuickOPC now supports multiple development platforms and operating systems, in new documents we consistently use the term "platform-specific certificate store" wherever we refer to a general platform-provided certificate store concept. In new documents, we use the term "Windows certificate store" only to refer to a specific implementation of platform-specific certificate store on Windows operating system. Similarly, we would use "Linux certificate store" to refer to a platform-specific certificate store in a way that is implemented in Linux (which may differ by the particular .NET runtime, e.g. .NET Framework vs .NET).
.NET
COM
Windows Certificate Stores (X509Store)
Windows has a support for certificate stores built into the operating system, and corresponding APIs and tools to access the certificate stores. On Windows, QuickOPC simply uses the mechanisms provided by Windows to support platform-specific certificate stores. For more information about Windows certificate stores, see e.g. Managing Certificates with Certificate Stores and How to Use the Certificates Console.
To manage the local computer certificates on Windows, type certlm.msc into the Windows search box, and press Enter. You will need administrative privileges to manage the local computer certificates.
To manage the certificates for the current user on Windows, type certmgr.msc into the Windows search box, and press Enter.
Note, however, that the logical store names displayed by the management console are not the same as the physical certificate store names, and that some stores may not be displayed at all.
OPC Foundation has a
UA Configuration Tool which can be used to manage the certificates related to OPC UA on Windows machines (both in the directory certificate stores, and in Windows certificate stores). QuickOPC includes this tool in the
Bonus Material part of its full installation for Windows. You can access the
UA Configuration Tool from the
Start menu (under QuickOPC program group), or using the QuickOPC
Launcher application.
Linux Certificate Stores
On Linux under .NET, the platform-specific certificate stores are implemented as follow:
- The certificates for the local computer are stored according to the rules valid on the particular Linux distro.
- The certificates for the current user are stored using an internal .NET runtime-specific mechanism (which currently appears to be a dedicated directory under ~/.dotnet, but that is considered an implementation detail that may change in future versions).
For more information, see e.g. Provide a way for sysadmins to manage the .Net Core "My" certificate store on non-Windows platforms .
See Also
External
Examples - OPC UA Administration