Own Customer Certificate instead of Self Signed Certificate|OPC UA Implementation: Stacks, Tools, and Samples|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Own Customer Certificate instead of Self Signed Certificate
Avatar
Vinod Pydi
Member
Members
Forum Posts: 16
Member Since:
12/15/2020
sp_UserOfflineSmall Offline
1
12/02/2021 - 07:40
sp_Permalink sp_Print

Hi,

In our OPC Server, We have the security configuration stored in the config.xml. However, is there any possibility that instead of stack creating the application instance certificate, Can a customer have his/her own certificate and place the certificate in the configured folder instead stack creating the certificate by default. Will this work? If yes any changes required? Please guide us.

 

Regards,

Vinod Pydi 

Avatar
Randy Armstrong
Admin
Forum Posts: 1580
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
12/02/2021 - 12:03
sp_Permalink sp_Print

What stack are you using?

Every stack should have a configuration file that allows you to specify the certificate to use.

Please consult the vendor of the stack you are using for instructions.

Avatar
Vinod Pydi
Member
Members
Forum Posts: 16
Member Since:
12/15/2020
sp_UserOfflineSmall Offline
3
12/02/2021 - 12:11
sp_Permalink sp_Print

Hi Randy,

Thanks for your reply, Apologies, didn’t put my question well.we are using OPC foundation sample stack.we have defined the certificate in the config file it was working fine. However instead of stack creating a self signed certificate at the start up can some one manually place the certificate in the trusted folder.will the OPC stack support other certificates. 

Avatar
Randy Armstrong
Admin
Forum Posts: 1580
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
4
12/02/2021 - 17:42
sp_Permalink sp_Print

If your certificate is not valid the .net codebase will create a new one.

Have you made sure your certificate meets all UA requirements?
https://reference.opcfoundatio…..rt6/6.2.2/

Turn on tracing to see what errors are reported.

Avatar
Vinod Pydi
Member
Members
Forum Posts: 16
Member Since:
12/15/2020
sp_UserOfflineSmall Offline
5
12/03/2021 - 05:41
sp_Permalink sp_Print sp_EditHistory

Hi Randy,

So one last question, stack creates a certificate based on the below configuration

%CommonApplicationData%\XXX\XX\CertificateStores\MachineDefault
CN=MyOrg_Root,OU=KA,O=SA,L=KA,ST=KA,C=RO

i have placed my certificate in the above configuration, as i hope all the UA requirements are met. 

My Certificate is  : MyOrg_Root.der 

I have a doubt like when stack creates a certificate it create with the below unique number marked in bold, So if i create my own certificate  say MyOrg_Root.der without the unique number, will stack also validates/checks for this unique number? 

 

Stack Certificate : MyOrg_Root [7E440150E3C323B7E27F07F7718F8CADF6058104].der

 

Regards,

Vinod Pydi

Avatar
Randy Armstrong
Admin
Forum Posts: 1580
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
6
12/03/2021 - 12:51
sp_Permalink sp_Print sp_EditHistory

You have the ApplicationUri in the subjectAltName and any domains must match the EndpointUrls.

You also need a PFX file with the private key.

Avatar
Zbynek Zahradnik
Member
Members
Forum Posts: 62
Member Since:
02/24/2014
sp_UserOfflineSmall Offline
7
12/14/2021 - 05:09
sp_Permalink sp_Print sp_EditHistory

The part in bold is the certificate thumbprint. One reason it is there is because you may have multiple certificates with the same common name – it is often the case when you are renewing them.

I have quickly checked the .NET code, and it seems that the thumbprint in the file name is not required – what really matters is the actual contents of the certificates, and not their file names.

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 25
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1446
Posts: 4891