Certificate Not Trusted|OPC Certification and Interoperability Testing|Forum|OPC Foundation

Certificate Not Trusted
jacopo pauletto
New Member
Members
Forum Posts: 2
Member Since:
12/22/2023
1
12/28/2023 - 01:48

I'm new to OPC UA but I have to connect and communicate with our customer's OPC UA server. First of all I built a client in C# and then the certificate for my client with OpenSSL, and I sent it to the customer, who put it in the trusted folder for certificates, but every time I try to connect I keep getting 'Certificate Not Trusted' after the session creation. That's the code of the client and a copy of the certificate that I created: https://github.com/PaulettoJacopo/OPC-UA

Randy Armstrong
Admin
Forum Posts: 1568
Member Since:
05/30/2017
2
12/29/2023 - 22:10

The client needs access to a private key.

The code you are using does not load the private key.

If there is not a good certificate available the SDK will auto-create a new certificate which will not be trusted.

You need to disable the auto-create certificate option.

If you get an error connecting then this is the issue.

jacopo pauletto
New Member
Members
Forum Posts: 2
Member Since:
12/22/2023
3
01/03/2024 - 03:13

Thank you for the clarification.

I decided to create a PFX file that, as I read online, should contain the certificate that I created for the client and the private key, and changed my code as follows:

// Load the certificate from a file
string pfxFilePath = @"xx\xxxx.pfx";
string pfxPassword = "password";

X509Certificate2 certificate = new X509Certificate2(pfxFilePath, pfxPassword);

Now, do I have to share the PFX file with the customer as I did with the previous certificate, or does he only need the .der certificate that I already sent?

Randy Armstrong
Admin
Forum Posts: 1568
Member Since:
05/30/2017
4
01/03/2024 - 08:38

The private key must never leave the machine where it is created.

Only the DER is distributed.

If the DER is the same as the current PFX then nothing more is needed.

You should confirm that you can connect securely to a sample server running on your local machine before you update the customer.
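
A local check for the two points made in this thread (the client must load a certificate together with its private key, and the DER the server trusts must be that same certificate), written as an added example that is not code from the posters or from the OPC UA SDK. It uses only .NET's `X509Certificate2` and a constructed self-signed certificate in place of the real files; `ClientIdentityCheck`, `Matches` and `MakeSelfSigned` are hypothetical names.

```csharp
// Added example. Constructed data: throwaway self-signed certificates stand in
// for the OpenSSL-made client certificate and for an auto-created replacement.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientIdentityCheck
{
    // True only if the PFX holds a private key AND its certificate is the same
    // certificate (same thumbprint) as the DER given to the server administrator.
    public static bool Matches(byte[] pfx, string password, byte[] distributedDer, out string reason)
    {
        using var own = new X509Certificate2(pfx, password);
        using var sent = new X509Certificate2(distributedDer);
        if (!own.HasPrivateKey) { reason = "PFX has no private key"; return false; }
        if (sent.HasPrivateKey) { reason = "distributed file contains a private key"; return false; }
        if (own.Thumbprint != sent.Thumbprint)
        {
            reason = $"mismatch: client presents {own.Thumbprint}, server trusts {sent.Thumbprint}";
            return false;
        }
        reason = "ok";
        return true;
    }

    static X509Certificate2 MakeSelfSigned(string cn)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));
    }

    static void Main()
    {
        const string pw = "constructed-password";
        using var client = MakeSelfSigned("ExampleClient");
        byte[] pfx = client.Export(X509ContentType.Pfx, pw);   // certificate + key, stays on the client
        byte[] der = client.Export(X509ContentType.Cert);      // public certificate only, sent to the customer
        Console.WriteLine(Matches(pfx, pw, der, out var r1) + " - " + r1);

        // Failure case from the thread: the client ends up presenting a different
        // certificate (for example one that was auto-created) than the trusted DER.
        using var other = MakeSelfSigned("ExampleClient");
        byte[] otherPfx = other.Export(X509ContentType.Pfx, pw);
        Console.WriteLine(Matches(otherPfx, pw, der, out var r2) + " - " + r2);
    }
}
```

With real files, pass `File.ReadAllBytes` of the PFX and of the `.der` that was sent; a mismatch here means the server will reject the session regardless of what is in its trusted folder.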

Forum Timezone: America/Phoenix