OPC certificates expiration date management

Hi.

On the page

Config > Opcua > Security

I can see the list of all certificates along with their expiration dates.
However, the problem is that I cannot directly associate each certificate with its corresponding OPC UA server.

o work around this, I have been querying the certificates located at:

/data/opcua/client/pki/trusted/certs

with a Powershell script to extract the Subject Alternative Name and ValidTo fields.

This method does not always work for me, though, because sometimes the SAN value does not contain any identifier that helps me match the certificate to a specific OPC UA server.

Is there a simple way to determine the certificate expiration date for each OPC UA server connected to the gateway?
Any insight would be appreciated.

Thank you

The URI from the SAN is the piece of information that definitively identifies a server, but unfortunately that URI is not stored as part of the connection configuration or anywhere else, so I’m not sure there’s a deterministic way to correlate certificates to servers.