# PKI

## PKI Certificates

The *PKI* page is used to manage certificates for services that require secure communication. On this page, you can select a service and store the certificates needed to establish trusted encrypted connections.

The page is located in the *Platform* area under:

*Connect Hub* -> *PKI* -> *Certificates*

***

## Page Structure

The *PKI* page is divided into two main areas:

### Services

The left-hand area shows the available services for which certificates can be managed.

In the example shown, the following services are available:

* *MQTT*
  * *Eliona cloud broker*
* *OPC-UA*
  * *Simulator server*

Click a service entry to load its certificate configuration.

### Configuration

The right-hand area shows the certificate configuration for the currently selected service.

If no service is selected yet, a message is displayed indicating that you must first select a service before configuring certificates.

***

## Certificate Areas

Once a service is selected, the certificate management view displays two certificate lists:

### CA certificates

This area contains stored certificate authority certificates used to validate communication partners.

Use **+ CA certificate** to add a new CA certificate.

### Own certificates

This area contains certificates owned by your BuildingPro Suites instance and used by the selected service itself.

Use **+ Own certificate** to add a new certificate.

If no certificates have been stored yet, the lists display *No data to show*.

***

## Typical Use

You use the *PKI* page when a service requires certificate-based trust management, for example:

* to trust a remote broker or server through a CA certificate
* to provide the system's own certificate for authenticated and encrypted communication
* to maintain separate certificate sets for different services

The exact certificates required depend on the selected service and the communication setup.

***

### Notes

* Certificates are managed per service.
* CA certificates and own certificates are stored separately.
* The available services depend on the modules and integrations active in your system.

  <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Use the <em>PKI</em> page only if your integration requires certificate-based authentication or encrypted communication based on trusted certificates.</p></div>