Server certificate handling without Security
Posted: 26 Mar 2021, 10:13
Hi everyone,
I have tried connecting to a server with Security Mode "None". I followed the examples and the documentation from here:
https://documentation.unified-automation.com/uasdkcpp/1.7.4/html/L2ClientSdkSecurity.html
That means I used the discovery service and then stored the server certificate from the endpoint description to my session security info.
When I try to validate this certificate, I get a BadNotSupported return code. The trace showed, that the splitCertificateChain method fails. So even, if I set the doServerCertificateVerify to false, the connection fails. When I skip setting the server certificate to my security info, the connection succeeds.
A UaExpert instance that connects with the same settings shows the "Trust Certificate?"-Window when connecting and also connects successfully when I choose the "Ignore" option. The trace of the UaExpert also shows no entry of a failed splitCertificateChain method.
Long story short, what is the UaExpert doing differently than me?
Is the server delivering a broken certificate, or shall I not use the server certificate in my security info with Security Mode "None"?
Additional information:
I use the C++ client SDK at version 1.7.4
The UaExpert's version is 1.5.1-331
Thank you!
I have tried connecting to a server with Security Mode "None". I followed the examples and the documentation from here:
https://documentation.unified-automation.com/uasdkcpp/1.7.4/html/L2ClientSdkSecurity.html
That means I used the discovery service and then stored the server certificate from the endpoint description to my session security info.
When I try to validate this certificate, I get a BadNotSupported return code. The trace showed, that the splitCertificateChain method fails. So even, if I set the doServerCertificateVerify to false, the connection fails. When I skip setting the server certificate to my security info, the connection succeeds.
A UaExpert instance that connects with the same settings shows the "Trust Certificate?"-Window when connecting and also connects successfully when I choose the "Ignore" option. The trace of the UaExpert also shows no entry of a failed splitCertificateChain method.
Long story short, what is the UaExpert doing differently than me?
Is the server delivering a broken certificate, or shall I not use the server certificate in my security info with Security Mode "None"?
Additional information:
I use the C++ client SDK at version 1.7.4
The UaExpert's version is 1.5.1-331
Thank you!