UA Expert warning URI

Questions regarding the use of the UaExpert.

Moderator: uaexpert

cacamille3
Hero Member
Posts: 73
Joined: 15 Feb 2012, 21:43

UA Expert warning URI

Post by cacamille3 »

Hi,

I am using UAExpert 1.4.4

We have some devices with multiple IP interfaces with different IP addresses (i.e. 192.168.28.111, 192.168.28.112) and a hostname.
We have an OPC UA Server on the device and one certificate.
The certificate contains the different IP addresses for each interface in the Subject Alt. Names list (i.e. URI:urn:192.168.28.111, URI:urn:192.168.28.112).

UA Expert only checks the first URI in the list of Subject Alt Names.
If I connect to our OPC UA Server with 192.168.28.111 I get the warning that the certificate is not trusted but the URI is displayed normally.
(I select to not trust the certificate.)
If I connect to our OPC UA Server with 192.168.28.112, I get the warning that the certificate is not trusted but the URI (with value 'URI:urn:192.168.28.111') is colored orange.
https://imgur.com/GQW4Mhr

But there are actually 3 Subject Alt Names URIs in this certificate (2 for IPs and 1 for a hostname).
https://imgur.com/a/P3eVKs2

If I trust the certificate then I do not get any warning.

The question is: why is only the first URI present in the Subject Alt Names displayed/used?

Note: When I tried to upload an image I got the error: "Sorry, the board attachment quota has been reached."

Support Team
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re: UA Expert warning URI

Post by Support Team »

Hello cacamille3,

PKI certificates that are used as Application Instance certificates are expected to have only one 'URI' extension which shall contain the unique ApplicationUri. For our demo servers, for example, we use urn:<hostname>:UnifiedAutomation:UaServerCpp. An application cannot have more than one ApplicationUri.

Additionally, the certificate is expected to have one or more IP and / or DNS Name extensions that contain the IP addresses and / or hostnames the server is reachable by.

Hence, a server certificate might have the following extensions:

URL=urn:<hostname>:UnifiedAutomation:UaServerCpp
DNS Name=domain-name-1
DNS Name=domain-name-2
IP Address=123.123.123.123
IP Address=234.234.234.234

Best regards
Unified Automation Support Team
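
The layout described in the reply above can be checked before a certificate is deployed. The following is an added example, not part of the thread and not Unified Automation code: it assumes the Subject Alt Names are available as the comma-separated text listing that OpenSSL prints, and the hostname `device-host`, the `ExampleVendor:ExampleServer` URI suffix and all function names are made up for illustration.

```python
import ipaddress

def parse_san(san_text):
    """Split an OpenSSL-style SAN listing into URI, DNS and IP value lists."""
    entries = {"URI": [], "DNS": [], "IP": []}
    for item in san_text.split(","):
        kind, _, value = item.strip().partition(":")
        kind = kind.strip().upper()
        if kind == "IP ADDRESS":  # OpenSSL prints "IP Address:", configs use "IP:"
            kind = "IP"
        if kind in entries and value.strip():
            entries[kind].append(value.strip())
    return entries

def _ip_or_none(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_app_cert_san(san_text, endpoint_host):
    """Return a list of findings; an empty list means the layout matches the reply."""
    san = parse_san(san_text)
    findings = []
    if len(san["URI"]) != 1:
        findings.append("expected exactly one URI entry (the ApplicationUri), "
                        "found %d" % len(san["URI"]))
    if not san["DNS"] and not san["IP"]:
        findings.append("no DNS Name or IP Address entries")
    # The host used to reach the server must appear as an IP or DNS entry.
    host_ip = _ip_or_none(endpoint_host)
    if host_ip is not None:
        listed = any(_ip_or_none(v) == host_ip for v in san["IP"])
    else:
        listed = endpoint_host.lower() in [d.lower() for d in san["DNS"]]
    if not listed:
        findings.append("endpoint host %s is not in the DNS Name / IP Address "
                        "entries" % endpoint_host)
    return findings

# Constructed samples: the first mirrors the question (addresses as URIs),
# the second follows the layout from the reply. Hostname and URI are made up.
AS_POSTED = "URI:urn:192.168.28.111, URI:urn:192.168.28.112, URI:urn:device-host"
AS_ADVISED = ("URI:urn:device-host:ExampleVendor:ExampleServer, DNS:device-host, "
              "IP Address:192.168.28.111, IP Address:192.168.28.112")

if __name__ == "__main__":
    for name, san in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(name, check_app_cert_san(san, "192.168.28.112"))
```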
