Log In
Home
06/11/2014
Offline
Hi,
We are using the OPC Foundation’s provided Stack and basing our work on the Opc.Ua.Client library to connect to various OPC UA Servers (Ignition and KepServer to name two).
To take KepServer as an example we find that it creates a server certificate containing its fully qualified domain name and therefore if we attempt to connect via IP address we get a BadCertificateHostInvalid failure. This still happens if we setup KepServer with only IP address endpoints and regenerate the certificate.
Looking at the code for the Opc.Ua.Client on GitHub I see that there is an option on the method Opc.Ua.Client.Session.Create called ‘checkDomain’, this disables the check for the domain in the certificate within the Create method, but is not passed on to Session.Open where another ceck is performed (in another call to ‘CheckCertificateDomain’).
Is this a bug? Looking at other OPC UA clients I see at least some (Unified Automation) have an option to disable the domain check, should we allow connections in this situation and change the Opc.Ua.Client library to allow it?
Thanks,
Matt
There is already such an issue on github (https://github.com/OPCFoundati…../issues/51). I expect that the proposed solution will be merged in the near future.
github is the right place to enter such issues.
1 Guest(s)
Usage Policy