Hello,
I use UaExpert 1.4.4.275 on Windows 10 x64. I try to connect to an OPC UA server with security mode = "none", and when the server returns its certificate to me, I get the error "BadCertificateUntrusted". There is no red field in the Certificate details table of the Certificate Validation window. When I press the "Trust server certificate" button, nothing happens (the Continue button is still disabled); however, I see that this certificate was added to the UaExpert certificate trust folder and marked as "Trusted" in the Manage Certificates window. Any idea how to solve the problem?
"Trust server certificate" button doesn't work properly
Moderator: uaexpert
-
- Jr. Member
- Posts: 3
- Joined: 03 Oct 2018, 03:26
- Support Team
- Hero Member
- Posts: 3064
- Joined: 18 Mar 2011, 15:09
Re: "Trust server certificate" button doesn't work properly
Hello astae,
what does the 'Trust Status' column of the 'Certificate Validation' window show when you're connecting to the server? If it only shows 'Bad' this might be a known display issue: if the server is using a CA-signed certificate, it expects to find the CA certificate and a matching certificate revocation list (CRL). If no matching CRL is found, the status might simply show as 'Bad'. Please enable the UaExpert settings 'General.DisableError.CertificateIssuerRevocationUnknown' and 'General.DisableError.CertificateRevocationUnknown' and then try connecting again.
Best regards
Unified Automation Support Team
-
- Jr. Member
- Posts: 3
- Joined: 03 Oct 2018, 03:26
Re: "Trust server certificate" button doesn't work properly
Support Team wrote:
> Hello astae,
> what does the 'Trust Status' column of the 'Certificate Validation' window show when you're connecting to the server? If it only shows 'Bad' this might be a known display issue: if the server is using a CA-signed certificate, it expects to find the CA certificate and a matching certificate revocation list (CRL). If no matching CRL is found, the status might simply show as 'Bad'. Please enable the UaExpert settings 'General.DisableError.CertificateIssuerRevocationUnknown' and 'General.DisableError.CertificateRevocationUnknown' and then try connecting again.

When I am connecting to the server, the column shows "Untrusted". However, the column with the same certificate in the Manage Certificates window has the Status column value "Trusted". Additionally, in the Certificate Validation window's "Errors" row I can see the value "Error invalid CA certificate [BadCertificateInvalid]".
-
- Jr. Member
- Posts: 3
- Joined: 03 Oct 2018, 03:26
Re: "Trust server certificate" button doesn't work properly
It might be important that before the new OS installation (Windows 10/x64), I didn't have the problem on Windows 7 (x64). But I am not sure that it is an OS problem.
- Support Team
- Hero Member
- Posts: 3064
- Joined: 18 Mar 2011, 15:09
Re: "Trust server certificate" button doesn't work properly
Hello astae,
this behaviour is independent of the OS used, so your new Windows installation doesn't affect the behaviour.
Please enable the UaExpert settings 'General.DisableError.CertificateIssuerRevocationUnknown' and 'General.DisableError.CertificateRevocationUnknown' and then try connecting again to check if the problem is the missing CRL.
The error "Error invalid CA certificate [BadCertificateInvalid]" is a hint that UaExpert either cannot find the CA certificate that signed the server certificate, or that the CA certificate is not valid at all. Please check the "Issuers" tab in the "Manage Certificates" window if there are CA certificates and if they are valid.
If this doesn't help, please open a support request at https://webdav.unifiedautomation.com/su ... _form.html and include:
- screenshots of the connect error dialog, the Trusted and Issuers tab of the Manage Certificates dialog
- the content of the 'trusted' and 'issuers' folders of UaExpert's PKI store (click Open Certificate Location in the Manage Certificates dialog)
Best regards
Unified Automation Support Team
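The two causes named in the replies above (CA certificate missing from the issuers folder, no matching CRL) can be checked offline against a copy of the PKI store; this is an added example, not part of the thread and not Unified Automation code. It assumes DER-encoded files under `trusted/certs`, `issuers/certs` and `issuers/crl` (the sub-folder names and extensions are assumptions, as are all function names), matches names byte-for-byte, looks one level up the chain only, and does not verify signatures or validity.

```python
# Added example: structural check only, standard library, DER input.
from pathlib import Path

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def fields(der):
    """Raw child elements of the to-be-signed part (tbsCertificate / tbsCertList)."""
    _, start, _ = read_tlv(der, 0)          # outer Certificate / CertificateList
    _, pos, end = read_tlv(der, start)      # inner to-be-signed SEQUENCE
    out = []
    while pos < end:
        _, _, nxt = read_tlv(der, pos)
        out.append(der[pos:nxt])
        pos = nxt
    return out

def cert_names(der):
    """(issuer, subject) Name encodings of a DER X.509 certificate."""
    f = fields(der)
    i = 1 if f[0][0] == 0xA0 else 0         # optional [0] version
    return f[i + 2], f[i + 4]               # after serial and signature algorithm

def crl_issuer(der):
    f = fields(der)
    return f[2 if f[0][0] == 0x02 else 1]   # optional version, then signature algorithm

def diagnose(server_der, issuer_certs, crls):
    issuer, subject = cert_names(server_der)
    if issuer == subject:
        return "self-signed"                # no issuer certificate or CRL involved
    if not any(cert_names(c)[1] == issuer for c in issuer_certs):
        return "issuer-missing"             # CA certificate not in the issuers folder
    if not any(crl_issuer(c) == issuer for c in crls):
        return "crl-missing"                # revocation status cannot be determined
    return "chain-complete"

def check_store(pki_root):
    """Diagnose each file in trusted/certs (assumed layout, DER-encoded files)."""
    root = Path(pki_root)
    load = lambda sub, pat: [p.read_bytes() for p in sorted((root / sub).glob(pat))]
    cas, crls = load("issuers/certs", "*.der"), load("issuers/crl", "*.crl")
    return {p.name: diagnose(p.read_bytes(), cas, crls)
            for p in sorted((root / "trusted/certs").glob("*.der"))}
```

Call `check_store()` on the folder opened by "Open Certificate Location"; a result of `issuer-missing` or `crl-missing` for the server certificate points at the Issuers tab rather than at the trust button.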