
Automatically trust all certificates

Posted: 07 Jun 2022, 07:22
by miyamae
Hi there,

how can I get the Server SDK to automatically accept all clients and not reject them?
There is an option to set "AutomaticallyTrustAllClientCertificates" to "true" in the configuration files, but client certificates are not stored.
I want to store the certificate in trust folder.
Are there any other ways?

Thanks in advance.

Re: Automatically trust all certificates

Posted: 07 Jun 2022, 09:31
by Support Team
Hi,

regarding security there are only two ways to do it: do it correctly, or leave it.
If you want to trust all clients (in fact you ignore their certificates without even checking them), there is no need to store them, because they are not even looked at anyways. The "TrustAllClient" mode is switching from the OPC UA double-side trust check into a single-side trust check (as of typical web applications). Your server will be "public" (for every client) available and should take user authentication into account instead. That said, the "TrustAllClient" is a very special use case and should not be used for regular OPC UA application scenarios.

The SDK will callback the application whenever a certificate is quarantined in the "rejected" folder, your application can decide what to do next.

Re: Automatically trust all certificates

Posted: 06 Jun 2023, 08:13
by bastian.schaller
Hi,

I just found this post.
The SDK will callback the application whenever a certificate is quarantined in the "rejected" folder, your application can decide what to do next.
Where can I find this callback?

Thanks,
Bastian

Re: Automatically trust all certificates

Posted: 09 Jun 2023, 17:15
by Support Team
Hello Bastian,

you can implement the Interface UaServer::secureChannelCertificateError() and then create an instance of your implementation via the Interface UaServerApplicationCallback::createUaServer().

Re: Automatically trust all certificates

Posted: 12 Jun 2023, 09:45
by bastian.schaller
Hi,

thanks for the reply.
UaServer::secureChannelCertificateError() is not virtual, so it cannot be overridden.
A UaServer* pointer from createUaServer() will always call UaServer::secureChannelCertificateError().

Or did I misunderstand the answer?

Thanks,
Bastian

Re: Automatically trust all certificates

Posted: 26 Jul 2023, 17:24
by Support Team
Hello Bastian,

apologies, we did not catch that. There is no callback. Usually there is no use case for that in an environment with a proper PKI infrastructure.