Log In
Home
12/15/2020
Offline
Hi,
We have OPC UA , all of which have self-signed certificates. When we choose Sign&Encrypt Security Mode, the self-signed cert is presented and we have the option to accept once or accept permanently. When we accept permanently, the cert is stored in the trusted certs folder.
Now, my understanding is that this cert is the authentication root for all further communication with this device. Meaning, for all further communications, the cert from the device is checked if present in the trusted certs folder and validated. If the certificate expires after say 1 year, What is the behavior here? Would an exception be thrown that communication failed? Or would the user be prompted again to accept the certificate? If so, when the cert is accepted would the expired cert in the trusted certs folder be replaced by the new cert? Kindly clarify
Regards,
Vinod Pydi
05/30/2017
Offline
Certificates must pass all validation checks even if they are a trusted root.
i.e. expiry, revocation (non-self signed), signature, etc.
The verification is done each time a secure channel is created or renewed.
12/15/2020
Offline
Hi Randy, Thanks for your quick reply. So you mean the stack will take care of the verification part. ?
1 Guest(s)
Usage Policy