The application certificate and the user certificate are two different certificates, and you should not mix them up.
OPC UA has defined multiple levels of security, on the application level but also on the user (authentication) level. The Message Security Mode belongs to the application certificate, enforcing either sign only or sign & encrypt on the messages sent over the secure channel. In addition, user authentication is used to decide which user is allowed to access data of which individual NodeId. You can use either username/pwd or a user certificate, depending on the token type allowed/configured for the particular endpoint.
Thanks for the reply and your passion. I have understood what I'm looking for,
but when the security mode is None/None and the user token is anonymous,
the OPC UA client needs a certificate from the server!
If you have "None" on the channel, the certificate (if any) should be ignored (because your SecurityMode is "None"). However, for the UserToken "username" you would need to encrypt the pwd (do not transmit clear text pwds). In order to do so you need an "encryption algorithm", which the server must have told you in the endpoint description. And because of that you probably must have and derive the algorithm from there.
However, the combination of "no security" on the channel and "anonymous" user is valid (security is completely turned off), but when having "no security" on the channel in combination with "username", you must have a policy (you should not transmit clear text pwds).
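The rule from the reply above, as an added example that is not part of the original posts: a client-side check that decides, from an endpoint description, whether the server certificate is needed and refuses to send a password in clear text. The class and function names are hypothetical, the endpoint data is constructed, and the fallback from an empty token policy to the endpoint's policy follows the OPC UA UserTokenPolicy definition.

```python
from dataclasses import dataclass, field

POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"
POLICY_B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"

@dataclass
class UserTokenPolicy:            # hypothetical mirror of the OPC UA structure
    policy_id: str
    token_type: str               # "Anonymous" or "UserName" in this example
    security_policy_uri: str = "" # empty: inherit the endpoint's policy

@dataclass
class Endpoint:                   # hypothetical mirror of EndpointDescription
    security_mode: str            # "None", "Sign" or "SignAndEncrypt"
    security_policy_uri: str
    server_certificate: bytes = b""
    user_tokens: list = field(default_factory=list)

def plan_user_token(ep, token_type):
    """Return (policy_id, effective_policy_uri, needs_server_cert) or raise."""
    if token_type not in ("Anonymous", "UserName"):
        raise ValueError("only Anonymous and UserName are covered here")
    tok = next((t for t in ep.user_tokens if t.token_type == token_type), None)
    if tok is None:
        raise ValueError(f"endpoint does not offer a {token_type} token")
    channel_secured = ep.security_mode != "None"
    # An empty token policy means "use the endpoint's security policy".
    effective = tok.security_policy_uri or ep.security_policy_uri
    token_encrypted = token_type == "UserName" and effective != POLICY_NONE
    if (token_type == "UserName" and not token_encrypted
            and ep.security_mode != "SignAndEncrypt"):
        raise ValueError("password would be sent in clear text; refusing")
    # The certificate matters if the channel is secured or if the password
    # must be encrypted with the server's public key.
    needs_cert = channel_secured or token_encrypted
    if needs_cert and not ep.server_certificate:
        raise ValueError("server certificate required but not in endpoint")
    return tok.policy_id, effective, needs_cert

# Constructed sample: an unsecured channel offering three user token policies.
SAMPLE = Endpoint("None", POLICY_NONE, b"<constructed placeholder DER>", [
    UserTokenPolicy("anon", "Anonymous"),
    UserTokenPolicy("user_enc", "UserName", POLICY_B256),
])
SAMPLE_CLEAR = Endpoint("None", POLICY_NONE, b"", [
    UserTokenPolicy("user_clear", "UserName"),   # inherits #None: clear text
])
```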