OPC Unified Architecture (OPC UA) provides a powerful and inherent security model. These mechanisms rely on software certificates. In an automation system where OPC UA is applied, a strategy must be defined how to manage these certificates, i.e. an organised way of distribution, validation and revocation needs to be found. In general, there exist different concepts of how to achieve this goal. Moreover, there are various, in some cases platform dependent frameworks available which assist the developer in implementing a suitable concept. The aim of this paper is to give an overview of these concepts and frameworks and discuss their positive and negative aspects depending on the structure of different environments in which OPC UA applications shall be embedded.