From OpenSCADAWiki
Private keys and certificates
For the client and server-protocol parts of OPC-UA working you need to create and to place the private key and the certificate into configuration of client or server object. In general, there will be enough to create an ordinal selfsigned certificate and a private key without password, but, for exclude warning messages, you need to add range of service fields to the certificate. That you can do taking the file of configuration of the certificate creation and executing next procedure:
# Private key creation:
openssl genrsa -out key_c.pem -des3 -rand /var/log/messages 2048
# Private key without the password creation:
openssl rsa -in key_c.pem -out key_c1.pem
# Selfsigned certificate creation:
openssl req -x509 -new -key key_c.pem -out cert_c.pem -config ./OPC-UA_openssl.cnf -days 3650
# Files content placing, for the file key_c1.pem to the field of private key and the file cert_c.pem to the certificate field!