Is there a central Ignition SSL keychain available?

Hi all,

I’m currently working on integrating support for Secure AMS into my Beckhoff ADS driver. Here there are 3 types I can use: Officially Signed Certificates (not an issue), PSK (Pre-shared-Key) and Self-Signed-Certificate. While for the first I obviously don’t need any setup and for the PSK version I just display two input fields, for the SSC I would need a Java keychain plus some input fields.

Now I was thinking, I assume the OPC-UA driver supports TLS secured communication, so Ignition probably has a keychain in place. I would like to re-use that for my driver. The alternative would be to auto-generate one, if none is provided.

I guess generating one on the fly would not be a huge problem, I just thought re-using what’s already there would be easier.

So … Is there an option for modules to access an official Ignition keychain for TLS transports?

Chris

There isn’t a centralized KeyStore or certificate management function/area, though it’s something we’ve talked about. Currently each area of Ignition that needs certificates/keys manages its own.

Ah ok … thanks … then I’ll continue down that path … is there a default storage convention where modules are to put their data (such as p12 keystores)?

From GatewayContext, get the SystemManager.

In 8.1, you can get the data dir and then use something like $data/$moduleId/yourfiles.

In 8.3 SystemManager has methods like getModuleConfigDir() that you would want to use instead.
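
Added example, not part of the original thread and not Ignition SDK code: a load-or-create helper for a per-module PKCS12 keystore under the `$data/$moduleId/` layout described above, written with owner-only permissions. It assumes the caller passes in the data directory it obtained from SystemManager; the class name, the file name `keystore.p12` and the module id in `main` are hypothetical, and generating the key pair and certificate is out of scope here.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public final class ModuleKeyStore {
    // dataDir: gateway data dir obtained from SystemManager (assumption: supplied by the caller)
    public static KeyStore loadOrCreate(Path dataDir, String moduleId, char[] password)
            throws IOException, GeneralSecurityException {
        Path base = dataDir.toAbsolutePath().normalize();
        Path dir = base.resolve(moduleId).normalize();
        // Reject module ids that would resolve outside (or onto) the data dir
        if (!dir.startsWith(base) || dir.equals(base)) {
            throw new IllegalArgumentException("bad module id: " + moduleId);
        }
        Files.createDirectories(dir);
        Path file = dir.resolve("keystore.p12"); // hypothetical file name
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) {
                ks.load(in, password); // throws IOException on wrong password or tampering
            }
            return ks;
        }
        ks.load(null, password); // initialise a new, empty keystore
        // Write to a temp file in the same directory, then move it into place atomically
        Path tmp = Files.createTempFile(dir, "keystore", ".tmp");
        try {
            restrictToOwner(tmp);
            try (OutputStream out = Files.newOutputStream(tmp)) {
                ks.store(out, password);
            }
            Files.move(tmp, file, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
        return ks;
    }
    // Private keys will live in this file: keep it readable by the gateway user only
    private static void restrictToOwner(Path p) throws IOException {
        if (p.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
        }
    }
    public static void main(String[] args) throws Exception {
        Path data = Files.createTempDirectory("data"); // constructed stand-in for the gateway data dir
        KeyStore ks = loadOrCreate(data, "com.example.ads", "changeit".toCharArray());
        System.out.println(ks.getType() + " entries=" + ks.size());
    }
}
```

On Windows the POSIX branch is skipped, so the file inherits the ACL of the module directory.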

Perfect … thank you