Creating or Renewing OPC UA Certificates Using the LabVIEW OPC UA Toolkit

Updated Mar 8, 2023



  • LabVIEW OPC UA Toolkit

I want to create new certificate files for my OPC UA Server-Client handshake since my current certificate has expired. How can I create new certificate?

You can use the Create under the OPC UA palette to generate a pair of certificate files to be used in the Server-Client connecting process. The start time of the generated files is the current system time, and the lifetime is four years.

1. Run a VI using the Create Certificate VI, if no name is entered the certificate is being named as Default OPC UA.

Create Certificate VI.png

2. Depending on the operating system, both a public (.der) and private (.pem) key files will be created in the default path:
  • Windows: C:\ProgramData\National Instruments\certstore\opcua\
  • NI Linux Real-Time: /var/local/natinst/certstore/opcua/

3. You can now copy these keys to other directories in the local or remote computers to use them for OPC UA connectivity. Both the private and public keys must be on the same directory.

  • The created keys will be valid for four years and can be used to setup secure OPC UA connections.
  • If a certificate with the same name already exists, this VI does not create the certificate.
  • To replace an existing certificate that has expired, delete the current keys and run the Create using the same name as the expired certificate.