Certificates - what do I really need?

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
Jr. Member
Jr. Member
Posts: 1
Joined: 08 Jun 2020, 13:06

Certificates - what do I really need?

Post by ThomasTIP »

Hi all,

I'm new to OPC, and I'm having trouble understanding what all those certificates are about.

As I understand it so far, the client needs a certificate and the server needs a certificate.
When the client first starts, I need to specify or create a certificate.
Question 1: I looked at the samples and the documentation of CreateCertificateSettings. Which fields in there are mandatory and why? For instance, what effect would it have if I omit the application name or the organization? At what point will that haunt me later?

The first time a client connects to a server, the server will provide its certificate, which the client must trust.
Then, the client certificate also needs to be trusted on the server side. However, the OPC server of my customer returns BadCertificateUntrusted, even though the OPCServer.xml.config has AutoAcceptUntrustedCertificates set to true. I also don't see any certificate in the pki\rejected folder on the server.
Question 2: what am I missing to make the server accept the client certificate?

Bonus question: OPCServer.xml.config defines a base address for opc.tcp with port 58100. However, I can only connect to that server over port 4840. Why is that?

Post Reply