Log In
Home
07/18/2018
Offline
Hello,
I am using the most recent version of UA-.NETStandard from GitHub. I connect to a real PLC which is running a OPC UA Server. I am experiencing some problems with certificates and validation. I always got the message below:
Certificate issuer is not trusted.
SubjectName: O=Siemens, C=DE, CN=PLC-1/OPCUA-1-6
IssuerName: O=Siemens, C=DE, CN=Siemens TIA Project(211MUvNEwEGtCWSwY5877g)'
I have already moved the *.der file to the trusted folders but it's solving my problem.
I am developing a .NET Core 2.1 application. What strikes me is that it's working for a .NET 4.6 application. I used both samples within the GitHub repository, the NetCoreConsoleClient gives me a 'Certificate issuer is not trusted' while in the .NET 4.6 application I can connect without trouble.
What should I do have to solve this?
Best regards,
Sander
05/30/2017
Offline
The cert is not self-signed (issuer is different from subject).
You need the issuer cert + and the CRL for the issuer in your trusted folder or the issuers folder.
07/18/2018
Offline
Hi Randy,
Thanks for your quick reply. This may be a stupid question but how do I get the certificate and the crl file from the Siemens PLC I am using. I only got the *.der file automatically generated in my rejected folder. This file seems to be from the server.
Sander
05/30/2017
Offline
The server may be returning an entire chain but the client side code needs to support extracting it.
You can disable checking for the CRL if you do not have it.
That said, if there is a CA then it must be centrally managed. You need to find out who is managing that CA and get the CA + CRL from them.
If the device has a "private" CA that only exists on that device then you have to get it by parsing the chain returned by the server.
1 Guest(s)
Usage Policy