secure connection

Questions regarding the use of the ANSI C SDK for Server or Client development or integration into customer products ...

Moderator: uasdkc

perezjo
Sr. Member
Posts: 14
Joined: 27 Mar 2014, 10:46

secure connection

Post by perezjo »

Hello,

When a client connects with security for the first time, it needs to make the connection twice. First to store the certificate and second to verify if it is trusted. Is there any reason for this behavior? Could it be made in one single step without needing a second connection? This will involve changes in OpcUa_SecureListener_ProcessOpenSecureChannelRequest.

Another question: is there any reason why a certificate must be stored permanently? Could they be removed cyclically or stored in RAM?

Many thanks. Regards.

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: secure connection

Post by Support Team »

Dear Perezjo,
> Could it be made in one single step without needing a second connection?

That would mean your server is accepting every incoming client right away. There is a configuration option in the server (TrustAllClientCertificates) which can be used for your particular use case. See the documentation for details.

> Is there any reason why a certificate must be stored permanently?

No, there is not, and the above switch is doing exactly that. It is not storing the certificate.

However, using this configuration option is a security risk because the certificates are just used for message security and not for application authentication anymore. Therefore we recommend using the option only with User-Authentication.

Best Regards
Support Team
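
Added example, not part of the original posts and not UA SDK code: a simplified C model of the trust decision discussed in this thread, showing why a first connection is rejected while the certificate is remembered, and what a trust-all switch changes. All type and function names are hypothetical; the operator's `trust_cert` step between attempts is an assumption, and user authentication (done at session activation in OPC UA) is folded into the same decision.

```c
/* Simplified model only; hypothetical names, not the SDK's API. */
#include <stdbool.h>
#include <string.h>

#define MAX_CERTS 8
#define THUMB_LEN 41  /* hex thumbprint string plus NUL */

typedef enum { ACCEPTED, REJECTED_UNTRUSTED, REJECTED_NO_USER_AUTH } decision_t;

typedef struct {
    char thumb[MAX_CERTS][THUMB_LEN];
    bool trusted[MAX_CERTS];
    int  count;
} cert_store_t;

typedef struct {
    bool trust_all_client_certs; /* models the TrustAllClientCertificates switch */
    bool require_user_auth;      /* models the recommendation in the reply */
} server_cfg_t;

static int find_cert(const cert_store_t *s, const char *thumb) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->thumb[i], thumb) == 0) return i;
    return -1;
}

/* Assumed operator action: mark an already-stored certificate as trusted. */
bool trust_cert(cert_store_t *s, const char *thumb) {
    int i = find_cert(s, thumb);
    if (i < 0) return false;
    s->trusted[i] = true;
    return true;
}

decision_t decide_client(const server_cfg_t *cfg, cert_store_t *s,
                         const char *thumb, bool user_authenticated) {
    if (cfg->trust_all_client_certs) {
        /* Nothing is stored or checked: the certificate only protects
           messages, so identity has to come from the user credentials. */
        if (cfg->require_user_auth && !user_authenticated)
            return REJECTED_NO_USER_AUTH;
        return ACCEPTED;
    }
    int i = find_cert(s, thumb);
    if (i >= 0 && s->trusted[i]) return ACCEPTED;
    if (i < 0 && s->count < MAX_CERTS) { /* first contact: remember, still reject */
        strncpy(s->thumb[s->count], thumb, THUMB_LEN - 1);
        s->thumb[s->count][THUMB_LEN - 1] = '\0';
        s->trusted[s->count++] = false;
    }
    return REJECTED_UNTRUSTED;
}
```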
