# PKI

## PKI Certificates

The *PKI* page is used to manage certificates for services that require secure communication. On this page, you can select a service and store the certificates needed to establish trusted encrypted connections.

The page is located in the *Platform* area under:

*Connect Hub* -> *PKI* -> *Certificates*

***

## Page Structure

The *PKI* page is divided into two main areas:

### Services

The left-hand area shows the available services for which certificates can be managed.

In the example shown, the following services are available:

* *MQTT*
  * *Eliona cloud broker*
* *OPC-UA*
  * *Simulator server*

Click a service entry to load its certificate configuration.

### Configuration

The right-hand area shows the certificate configuration for the currently selected service.

If no service is selected yet, a message is displayed indicating that you must first select a service before configuring certificates.

***

## Certificate Areas

Once a service is selected, the certificate management view displays two certificate lists:

### CA certificates

This area contains stored certificate authority certificates used to validate communication partners.

Use **+ CA certificate** to add a new CA certificate.

### Own certificates

This area contains certificates owned by your BuildingPro Suites instance and used by the selected service itself.

Use **+ Own certificate** to add a new certificate.

If no certificates have been stored yet, the lists display *No data to show*.

***

## Typical Use

You use the *PKI* page when a service requires certificate-based trust management, for example:

* to trust a remote broker or server through a CA certificate
* to provide the system's own certificate for authenticated and encrypted communication
* to maintain separate certificate sets for different services

The exact certificates required depend on the selected service and the communication setup.

***

### Notes

* Certificates are managed per service.
* CA certificates and own certificates are stored separately.
* The available services depend on the modules and integrations active in your system.

  <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Use the <em>PKI</em> page only if your integration requires certificate-based authentication or encrypted communication based on trusted certificates.</p></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.buildings.ability.abb/collection/mandatory-base/platform-core/connect-hub/pki.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.