December 17, 2025

#282 - How to create or renew a CA certificate for OPC UA in WinCC SCADA

Certificates issued by Certificate Authorities (CA) have an expiration date, and for some of them the validity period is 5 years.

When these certificates expire, an error message appears with the following error code: BadCertificateTimeInvalid.

From the error message, identify the following information:
- The name of the certificate, e.g., "Siemens OPC UA Server for WinCC Runtime Professional".

- The machine where the error has occurred, e.g., SRV01.

- The start and end date of the certificate. The start date helps to identify the folders that are impacted, such as "C:\Program Files (x86)\Siemens\Automation\SCADA-RT_V11\WinCC\opc".

- To renew the certificates on the Server: delete the expired certificate (.der) and the corresponding private keys (.pfx) in the folders ...\WinCC\opc\UAServer\PKI\CA\certs and ...\WinCC\opc\UAServer\PKI\CA\private.

- Open the Windows cmd as admin, cd to the folder ...\WinCC\opc\UAServer\ and run the .exe with the flag: OpcUaServerWinCCPro.exe /CreateCertificate.

- To renew the certificates on the Client: delete the expired certificate (.der) and the corresponding private keys (.pfx) in the folders ...\WinCC\opc\UAClient\PKI\OPCUA\certs and ...\WinCC\opc\UAClient\PKI\OPCUA\private.

- Open the Windows cmd as admin, cd to the folder ...\WinCC\opc\UAClient\UaConfigServer\ and run the .exe with the flag: CCOpcUaImporter.exe /CreateCertificate.
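A read-only check to run before deleting anything, added here as an example (it is not from the original post or from Siemens): it lists every .der certificate in the server and client folders named above with its validity dates, so the expired certificate and its .pfx can be identified. The default root is the example path quoted in the post; the `$WarnDays` threshold and the assumption that the .pfx shares the certificate's file name are assumptions of this example.

```powershell
# Added example: report validity of the OPC UA certificates in the folders from this post.
param(
    # Assumption: the example install path quoted in the post; adjust to your system.
    [string]$OpcRoot = 'C:\Program Files (x86)\Siemens\Automation\SCADA-RT_V11\WinCC\opc',
    # Assumption: warn this many days before expiry (not a value from the post).
    [int]$WarnDays = 60
)

# Certificate / private-key folder pairs relative to $OpcRoot, as listed in the post.
$stores = @(
    @{ Role = 'Server'; Certs = 'UAServer\PKI\CA\certs';    Keys = 'UAServer\PKI\CA\private' },
    @{ Role = 'Client'; Certs = 'UAClient\PKI\OPCUA\certs'; Keys = 'UAClient\PKI\OPCUA\private' }
)

$now = Get-Date
$report = foreach ($s in $stores) {
    $certDir = Join-Path $OpcRoot $s.Certs
    $keyDir  = Join-Path $OpcRoot $s.Keys
    if (-not (Test-Path -LiteralPath $certDir)) {
        Write-Warning "$($s.Role): folder not found: $certDir"
        continue
    }
    foreach ($file in Get-ChildItem -LiteralPath $certDir -Filter '*.der' -File) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        } catch {
            Write-Warning "Cannot parse $($file.FullName): $($_.Exception.Message)"
            continue
        }
        # BadCertificateTimeInvalid covers both an expired and a not-yet-valid certificate.
        $state = 'OK'
        if ($cert.NotAfter -lt $now) { $state = 'EXPIRED' }
        elseif ($cert.NotBefore -gt $now) { $state = 'NOT YET VALID' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $state = 'EXPIRING SOON' }

        # Assumption: the private key file has the same base name as the certificate.
        $pfx = Join-Path $keyDir ($file.BaseName + '.pfx')
        if (-not (Test-Path -LiteralPath $pfx)) { $pfx = '(no matching .pfx found)' }

        [pscustomobject]@{
            Role = $s.Role; State = $state; Subject = $cert.Subject
            NotBefore = $cert.NotBefore; NotAfter = $cert.NotAfter
            CertFile = $file.FullName; KeyFile = $pfx
        }
    }
}
$report | Sort-Object NotAfter | Format-List
```

Running it again after `/CreateCertificate` confirms that the new certificate is present and that its NotBefore/NotAfter dates cover the current time on that machine.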
