Hello,
When a client connects with security for the first time, it needs to make the connection twice: first to store the certificate and second to verify if it is trusted. Is there any reason for this behavior? Could it be made in one single step without needing a second connection? This will involve changes in OpcUa_SecureListener_ProcessOpenSecureChannelRequest.
Another question: is there any reason why a certificate must be stored permanently? Could they be removed cyclically or stored in RAM?
Many thanks. Regards.
secure connection
- Support Team
Re: secure connection
Dear Perezjo,
> Could it be made in one single step without needing a second connection?

That would mean your server is accepting every incoming client right away. There is a configuration option in the server (TrustAllClientCertificates) which can be used in your certain use case. See documentation for details.

> Is there any reason why a certificate must be stored permanently?

No, there is not, and the above switch is doing exactly that. It is not storing the certificate.
However, using this configuration option is a security risk because the certificates are just used for message security and not for application authentication anymore. Therefore we recommend using the option only with User-Authentication.
Best Regards
Support Team