Log In
Home
10/15/2021
Offline
Hello
I was just thrown into the world of OPC UA. I got a .net client in my hands now (a simple console) which connects to OPC ua server.
All fine so far, the issue is that I dont want to approve certificates on the server side, so I created - with the help of openssl - a CA and another cert which is signed by this CA. I put the client certificate into the CurrentUser\My store path and it is read which is fine. But the certificate is always invalid (certificateValid variable is false). Where should i put the CA keys to? If I put it to trusted issuer store (in my case a directory "UA Certificate Authorities") it doesnt even recognize it. Is there a special form it has to be in or different directory? The documentation what i found is a wee vague regarding use of CA.
Any help in the right direction is appreciated! Even pointing to useful documentation
Best regards
p.s. Not using the discovery server
05/30/2017
Offline
You can't use a CA without a CRL.
Did you create one?
10/15/2021
Offline
Sorry for slow response I got issues logging in..
Anyway yes since my post I've created CRL, my cert is still not valid for some reason. (As per ca csr config i host it on some http://localhost:8000/intermed.....te.crl.pem). I faked it in code so it marks it as valid and then I manage to make it work with prosys simulator.
But i have to copy crl manually to the directory crl and ofcourse rootCA public key (../PKI/CA/crl and ../PKI/CA/certs accordingly).
But I cannot make it work with kepserverEx it always marks as untrusted. I dont know where to put crl and root ca for kepserver though. Google has not been fruitful in this regards.
Thank you for the help Randy!
1 Guest(s)
Usage Policy