06/29/2022
Hi,
I am trying to deploy an OPC UA client for a customer, but I’m having issues with certificate validation. The client is intended to auto accept the certificate of any server the user tries to connect to as it will be deployed on a secure closed network.
When I try to connect to the OPC Foundation reference server on my computer or on another physically connected computer, this works fine. However, when the customer tries to connect to their server, they get an exception:
“Opc.Ua.ServiceResultException: Certificate is not trusted.
SubjectName: CN=XPerGoOPCUAServer
IssuerName: CN=XPerGoOPCUAServer
at Opc.Ua.CertificateValidator.<InternalValidate>__35.MoveNext()
The client uses OPCFoundation.NetStandard.Opc.Ua.Client 1.4.366.38. I have set the ApplicationConfiguration.SecurityConfiguration.AutoAcceptUntrustedCertificates = true, and after seeing another post I tried the workaround of putting an event handler on ApplicationConfiguration.CertificateValidator.CertificateValidation which sets CertificateValidationEventArgs.Accept = true, however I still hit the same error.
I am going to try updating to OPCFoundation.NetStandard.Opc.Ua.Client 1.4.370.1. I will also try defining the ApplicationConfiguration.CertificateValidator with AutoAcceptUntrustedCertificates = true, RejectSHA1SignedCertificates = false and RejectUnknownRevocationStatus = false in case that helps.
Can anyone provide a list of the configuration variables / other things that can cause a server certificate to be rejected?
Thanks in advance!
05/30/2017
You should not be disabling security settings.
If the message is “Certificate is not trusted.” then the certificate is not trusted.
There are two sides to this problem: the client must trust the server certificate and the server must trust the client certificate. Can you verify that you know who is actually complaining about the lack of trust?
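Added example, not part of either post and not OPC Foundation sample code: a client-side validation handler that logs what the client's validator rejected and accepts an untrusted server certificate only when its thumbprint is on an allowlist, instead of accepting everything. The class name `PinnedServerCertificates` is hypothetical and the thumbprint is a placeholder to be replaced with a value confirmed out of band.

```csharp
using System;
using System.Collections.Generic;
using Opc.Ua;

// Hypothetical helper for illustration; not part of the OPC UA .NET Standard stack.
public static class PinnedServerCertificates
{
    // Placeholder: thumbprints of server certificates verified out of band
    // (for example, read from the server machine by its administrator).
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<THUMBPRINT-OF-EXPECTED-SERVER-CERT>"
        };

    // Call once, on the same ApplicationConfiguration instance that is
    // later used to create the session.
    public static void Attach(ApplicationConfiguration config)
    {
        config.CertificateValidator.CertificateValidation += OnValidation;
    }

    private static void OnValidation(
        CertificateValidator sender, CertificateValidationEventArgs e)
    {
        // Record exactly which check failed and for which certificate.
        Console.WriteLine(
            "Client-side validation error: {0} Subject={1} Thumbprint={2}",
            e.Error.StatusCode, e.Certificate.Subject, e.Certificate.Thumbprint);

        // Only override the "untrusted" result, and only for pinned certificates.
        // Other failures (expired, revoked, bad signature, ...) stay rejected.
        bool untrustedOnly =
            e.Error.StatusCode == StatusCodes.BadCertificateUntrusted;
        e.Accept = untrustedOnly && Allowed.Contains(e.Certificate.Thumbprint);
    }
}
```

The logged status code and thumbprint show what this client's validator objected to; a server rejecting the client certificate does not pass through this handler.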