Certificate Issues BadCertificateHostInvalid|OPC UA Implementation: Stacks, Tools, and Samples|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Certificate Issues BadCertificateHostInvalid
Avatar
Matthew Kubicki
New Member
Members
Forum Posts: 2
Member Since:
06/11/2014
sp_UserOfflineSmall Offline
1
07/29/2016 - 01:56
sp_Permalink sp_Print

Hi,

We are using the OPC Foundation's provided Stack and basing our work on the Opc.Ua.Client library to connect to various OPC UA Servers (Ignition and KepServer to name two).

To take KepServer as an example we find that it creates a server certificate containing its fully qualified domain name and therefore if we attempt to connect via IP address we get a BadCertificateHostInvalid failure.  This still happens if we setup KepServer with only IP address endpoints and regenerate the certificate.

Looking at the code for the Opc.Ua.Client on GitHub I see that there is an option on the method Opc.Ua.Client.Session.Create called 'checkDomain', this disables the check for the domain in the certificate within the Create method, but is not passed on to Session.Open where another ceck is performed (in another call to 'CheckCertificateDomain').

Is this a bug?  Looking at other OPC UA clients I see at least some (Unified Automation) have an option to disable the domain check, should we allow connections in this situation and change the Opc.Ua.Client library to allow it?

 

Thanks,

Matt

Avatar
Guest
Guests
2
07/31/2016 - 23:20
sp_Permalink sp_Print

There is already such an issue on github (https://github.com/OPCFoundati...../issues/51). I expect that the proposed solution will be merged in the near future.

github is the right place to enter such issues. 

Avatar
Matthew Kubicki
New Member
Members
Forum Posts: 2
Member Since:
06/11/2014
sp_UserOfflineSmall Offline
3
08/01/2016 - 01:28
sp_Permalink sp_Print

Thanks for the info.  The link you provide is me with another user name!

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online: Pavel Seibert
Guest(s) 23
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1341
Posts: 4545