The User Key Store contains all certificates with their public and private keys. The User Trust Store contains one or more
root CA certificates with only their public keys.
Prerequisites: The company serves as its own certificate authority.
- Using
Workbench, access the controller platform’s Certificate Management utility. To do this, either open a platform connection and click or open the station and double-click on CertManagerService (under Config > Services > PlatformServices).
- To export the station’s server certificate with its private key, click the User Key Store tab, select the certificate and click Export.
You need to export the unique server certificate from the User Key Store for each controller station.
- Enable the
Export the private key check box and enter an encryption password to protect the private key in this file.
- To export a root CA certificate, click the User Trust Store tab, select the certificate and click Export. Typically, this only needs to be done once because the root CA certificate is the same in every controller station).
NOTE: It is not necessary to export certificates from the System Trust Store as these are default certificates found in every System
Trust Store. It is only necessary to export any additional certificates that stored in the User Trust Store.
- Repeat the steps above to export the server certificate for each controller station to be migrated.
Make sure exported certificates files are available to the
Workbench PC to use later. For related details, refer to the Niagara Station Security Guide.