Client rejects untrusted server certificate when set to auto accept untrusted certificates|OPC UA Standard|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Client rejects untrusted server certificate when set to auto accept untrusted certificates
Avatar
Daniel Rothwell
New Member
Members
Forum Posts: 1
Member Since:
06/29/2022
sp_UserOfflineSmall Offline
1
08/10/2022 - 03:02
sp_Permalink sp_Print

Hi,

I am trying to deploy an OPC UA client for a customer, but I’m having issues with certificate validation. The client is intended to auto accept the certificate of any server the user tries to connect to as it will be deployed on a secure closed network.

When I try to connect to the OPC Foundation reference server on my computer or on another physically connected computer, this works fine. However when the customer tries to connect to their server they get an exception:

“Opc.Ua.ServiceResultException: Certificate is not trusted.
SubjectName: CN=XPerGoOPCUAServer
IssuerName: CN=XPerGoOPCUAServer
at Opc.Ua.CertificateValidator.<InternalValidate>__35.MoveNext()

The client uses OPCFoundation.NetStandard.Opc.Ua.Client 1.4.366.38. I have set the ApplicationConfiguration.SecurityConfiguration.AutoAcceptUntrustedCertificates = true, and after seeing another post I tried the workaround of putting an event handler on ApplicationConfiguration.CertificateValidator.CertificateValidation which sets CertificateValidationEventArgs.Accept = true, however I still hit the same error.

I am going to try updating to OPCFoundation.NetStandard.Opc.Ua.Client 1.4.370.1. I will also try defining the ApplicationConfiguration.CertificateValidator with AutoAcceptUntrustedCertificates = true, RejectSHA1SignedCertificates = false and RejectUnknownRevocationStatus = false in case that helps.

Can anyone provide a list of the configuration variables / other things that can cause a server certificate to be rejected?

Thanks in advance!

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
08/11/2022 - 14:47
sp_Permalink sp_Print

You should not be disabling security settings.

If the message is “Certificate is not trusted.” Then the certificate is not trusted.

There are two sides to this problem: the client must trust the server certificate and the server must trust the client certificate. Can verify that you know who is actually complaining about the lack of trust?

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 35
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1445
Posts: 4889