CTT Certificate Validation|OPC Certification and Interoperability Testing|Forum|OPC Foundation

Avatar
sp_LogInOut Log In
sp_Search Search
Advanced Search
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
CTT Certificate Validation
Avatar
Wen-Jui Chang
Member
Members
Forum Posts: 5
Member Since:
05/12/2017
sp_UserOfflineSmall Offline
1
06/01/2017 - 01:29
sp_Permalink sp_Print sp_EditHistory

Dears,

There was an error occurred when verifying "security certificate validation"

007.js and 008.js title shows we should get a response with status BadSecurtiyChecksFailed if client side use Expired / Not-yet-valid certificate.

But the error shows the expected result is Good or BadCertificateTimeInvalid.

It made me confused.

Could you tell me how to handle this part? Confused

CTT tool version: 1.2.336.273

Image Enlarger

Avatar
Paul Hunkar
Cleveland, Ohio, USA
Moderator
Members

Moderators-Specifications

Moderators-Companion

Moderators-Implementation

Moderators-Certification

Moderators-COM
Forum Posts: 109
Member Since:
02/24/2014
sp_UserOfflineSmall Offline
sp_UserWebsite
2
06/07/2017 - 20:28
sp_Permalink sp_Print

The test cases are correct as it is written.  In an earlier version of the specification when the test cases where initially generate all security checks were expected to return BadSecurityChecksFailed, but this was corrected for a few test cases where the certificate and communication has been validated but a minor error has occurred.  The additional information that the certificate has expired is allowed to be returned.  In addition the specification allows a server to be configured to ignore that a certificate is expired error and continue to use the certificate (good result).  The server is required to log or otherwise report (internally) that the certificate is expired in the case of a good result.

 In a future version of the CTT we will rename the test case and remove the "Expects BadSecurityCheckFailed" from the title. 

One additional note, the configuration instruction for the CTT require you to copy the expired certificate to the trusted list for the server, if this is not done then a BadSecurityChecksFailed error is returned, since the certificate is not in the trusted list.  It does not matter that it is expired. 

Paul Hunkar

Directory of Certification.

Paul Hunkar - DSInteroperability

Avatar
Wen-Jui Chang
Member
Members
Forum Posts: 5
Member Since:
05/12/2017
sp_UserOfflineSmall Offline
3
06/08/2017 - 20:26
sp_Permalink sp_Print

Hi paul,

thanks a lot for your reply.Wink

Avatar
Wen-Jui Chang
Member
Members
Forum Posts: 5
Member Since:
05/12/2017
sp_UserOfflineSmall Offline
4
06/15/2017 - 23:51
sp_Permalink sp_Print sp_EditHistory

Hi Paul,

There is still one confusing issue:

CTT Tool parameter in Session --> ReauestedSessionTimeout default value is 120000 but shows "Recommend value : 60000"

60000 will get fail [Subscription Publish Min2 -->003] even with Sample Server.

sp_Feed
Go to top
Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 27
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1347
Posts: 4566