BadCertificateChainIncomplete error
Posted: 07 Jan 2020, 13:42
Hi,
I observed the [BadCertificateChainIncomplete] issue when I use UaExpert talks to UaDemoServer which uses the chain of certificates.
Following the recommendation of thread https://forum.unified-automation.com/post3961.html,
I have put the CA certificate of the UaDemoServer in the UaExpert's 'trusted/certs' and 'issuers/certs' folder.
I set 'General.DisableError.CertificateIssuerRevocationUnknown' and 'General.DisableError.CertificateRevocationUnknown' in UaExpert's settings to true.
The Trust Status of the leaf certificate is Trusted.
But I still have the following 3 errors.
"unable to get local issuer certificate [BadCertificateChainIncomplete]
unable to get certificate CRL [BadCertificateRevocationUnknown]
unable to verify the first certificate [BadCertificateChainIncomplete]"
In another thread https://forum.unified-automation.com/post3978.html, it states that
"If the certificate contains a chained issuer and a CA, the server will send the public portions of the complete chain to the client for verification.".
I observed that only the leaf certificate was sent to the client instead of the complete chain.
Would you please clarify how can I ensure the UaDemoServer sends the complete chain to UaExpert client?
Do I miss any parameter/setting of the server certificate?
Thank you.
Regards,
I observed the [BadCertificateChainIncomplete] issue when I use UaExpert talks to UaDemoServer which uses the chain of certificates.
Following the recommendation of thread https://forum.unified-automation.com/post3961.html,
I have put the CA certificate of the UaDemoServer in the UaExpert's 'trusted/certs' and 'issuers/certs' folder.
I set 'General.DisableError.CertificateIssuerRevocationUnknown' and 'General.DisableError.CertificateRevocationUnknown' in UaExpert's settings to true.
The Trust Status of the leaf certificate is Trusted.
But I still have the following 3 errors.
"unable to get local issuer certificate [BadCertificateChainIncomplete]
unable to get certificate CRL [BadCertificateRevocationUnknown]
unable to verify the first certificate [BadCertificateChainIncomplete]"
In another thread https://forum.unified-automation.com/post3978.html, it states that
"If the certificate contains a chained issuer and a CA, the server will send the public portions of the complete chain to the client for verification.".
I observed that only the leaf certificate was sent to the client instead of the complete chain.
Would you please clarify how can I ensure the UaDemoServer sends the complete chain to UaExpert client?
Do I miss any parameter/setting of the server certificate?
Thank you.
Regards,