01/07/2022
I have developed an OPC UA server application using the CSharp (C#) language.
I have one requirement:
The OPC UA server shall validate the client certificate and verify that the client is authorized to access OPC UA server services before allowing access to those services.
I have used the following folders to maintain certificates for the OPC UA server. I have created a self-signed certificate and put it under OPC Foundation\pki\own\cert\
Server:
OPC Foundation\pki\own
OPC Foundation\pki\issuer
OPC Foundation\pki\trusted
OPC Foundation\pki\rejected
OPC Foundation\pki\issuerUser
OPC Foundation\pki\trustedUser
Client:
unifiedautomation\uaexpert\PKI\issuers
unifiedautomation\uaexpert\PKI\own
unifiedautomation\uaexpert\PKI\rejected
unifiedautomation\uaexpert\PKI\tls_issuers
unifiedautomation\uaexpert\PKI\trusted
Now my question is: how do I send the client certificate to the server using the UAExpert tool, and how do I validate the client certificate in the server?
If it is not valid, then the server should send a Bad_certificate error message.
05/30/2017
The UA protocol provides a mechanism for exchanging certificates.
So no special effort is required.
For you to connect successfully the server must trust the client certificate. To establish trust you have to manually copy the client certificate into the trusted folder on the server if you are not using CAs.
The server may save the client certificate in the rejected directory if the certificate is otherwise valid. During testing you can copy this certificate to the trusted folder but for production this is potentially dangerous.
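The validation described in the reply above can be observed from server code. The following is an added example, not code from either poster or from the OPC Foundation samples: it assumes the OPC Foundation .NET stack (`Opc.Ua` namespace) and an already loaded `ApplicationConfiguration`; the class name `ClientCertificatePolicy` and the log format are hypothetical. It keeps the stack's rejection in place and logs what an administrator needs to verify before copying a certificate from the rejected folder to the trusted folder.

```csharp
using System;
using Opc.Ua;

// Added example (hypothetical class name): log failed certificate validations
// and never override the stack's verdict automatically.
public static class ClientCertificatePolicy
{
    public static void Attach(ApplicationConfiguration config)
    {
        // Untrusted client certificates must not be accepted silently.
        config.SecurityConfiguration.AutoAcceptUntrustedCertificates = false;

        // The validator raises this event when its own checks report an error,
        // giving the application a chance to accept the certificate anyway.
        config.CertificateValidator.CertificateValidation += OnValidationFailed;
    }

    private static void OnValidationFailed(
        CertificateValidator sender, CertificateValidationEventArgs e)
    {
        // Keep the rejection: trust is granted only by an administrator
        // placing the certificate in the trusted folder.
        e.Accept = false;

        // The subject comes from the peer's certificate, so strip line breaks
        // before writing it to the log.
        string subject = e.Certificate.Subject
            .Replace("\r", " ")
            .Replace("\n", " ");

        Console.WriteLine(
            "Rejected certificate: status={0} subject=\"{1}\" thumbprint={2}",
            e.Error.StatusCode, subject, e.Certificate.Thumbprint);

        if (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted)
        {
            // Not in the trusted store. Compare the thumbprint with the one
            // shown by the client (for example in UAExpert) out of band
            // before copying the file from the rejected to the trusted folder.
            Console.WriteLine(
                "Certificate {0} is not trusted; verify the thumbprint with " +
                "the client owner before trusting it.",
                e.Certificate.Thumbprint);
        }
    }
}
```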