Own Customer Certificate instead of Self Signed Certificate | OPC UA Implementation: Stacks, Tools, and Samples | Forum

Lost password?

Home Forum OPC UA Implementation: Stacks, Tool…Own Customer Certificate instead of…

Own Customer Certificate instead of Self Signed Certificate

Vinod Pydi

Member

Members

Forum Posts: 16

Member Since:
12/15/2020

Offline

12/02/2021 - 07:40

Hi,

In our OPC Server, We have the security configuration stored in the config.xml. However, is there any possibility that instead of stack creating the application instance certificate, Can a customer have his/her own certificate and place the certificate in the configured folder instead stack creating the certificate by default. Will this work? If yes any changes required? Please guide us.

Regards,

Vinod Pydi

Randy Armstrong

Admin

Forum Posts: 1564

Member Since:
05/30/2017

Offline

12/02/2021 - 12:03

What stack are you using?

Every stack should have a configuration file that allows you to specify the certificate to use.

Please consult the vendor of the stack you are using for instructions.

Vinod Pydi

Member

Members

Forum Posts: 16

Member Since:
12/15/2020

Offline

12/02/2021 - 12:11

Hi Randy,

Thanks for your reply, Apologies, didn't put my question well.we are using OPC foundation sample stack.we have defined the certificate in the config file it was working fine. However instead of stack creating a self signed certificate at the start up can some one manually place the certificate in the trusted folder.will the OPC stack support other certificates.

Randy Armstrong

Admin

Forum Posts: 1564

Member Since:
05/30/2017

Offline

12/02/2021 - 17:42

If your certificate is not valid the .net codebase will create a new one.

Have you made sure your certificate meets all UA requirements?
https://reference.opcfoundatio.....rt6/6.2.2/

Turn on tracing to see what errors are reported.

Vinod Pydi

Member

Members

Forum Posts: 16

Member Since:
12/15/2020

Offline

12/03/2021 - 05:41

Hi Randy,

So one last question, stack creates a certificate based on the below configuration

%CommonApplicationData%\XXX\XX\CertificateStores\MachineDefault
CN=MyOrg_Root,OU=KA,O=SA,L=KA,ST=KA,C=RO

i have placed my certificate in the above configuration, as i hope all the UA requirements are met.

My Certificate is : MyOrg_Root.der

I have a doubt like when stack creates a certificate it create with the below unique number marked in bold, So if i create my own certificate say MyOrg_Root.der without the unique number, will stack also validates/checks for this unique number?

Stack Certificate : MyOrg_Root [7E440150E3C323B7E27F07F7718F8CADF6058104].der

Regards,

Vinod Pydi

Randy Armstrong

Admin

Forum Posts: 1564

Member Since:
05/30/2017

Offline

12/03/2021 - 12:51

You have the ApplicationUri in the subjectAltName and any domains must match the EndpointUrls.

You also need a PFX file with the private key.

Zbynek Zahradnik

Member

Members

Forum Posts: 62

Member Since:
02/24/2014

Offline

12/14/2021 - 05:09

The part in bold is the certificate thumbprint. One reason it is there is because you may have multiple certificates with the same common name - it is often the case when you are renewing them.

I have quickly checked the .NET code, and it seems that the thumbprint in the file name is not required - what really matters is the actual contents of the certificates, and not their file names.

Forum Timezone: America/Phoenix

Most Users Ever Online: 510

Currently Online:

Guest(s) 44

Currently Browsing this Page:
1 Guest(s)