
Non self signed certificate

Posted: 29 Jan 2020, 12:56
by Flarup
I'm trying to connect UAExpert to an OPC UA server with certificates.
To do this I generate a certificate with a CA, but how do I make UAExpert use that?

Even if I set a certificate in the server settings, then UAExpert is using .config/unifiedautomation/uaexpert/PKI/own/certs/uaexpert.der

Re: Non self signed certificate

Posted: 28 Apr 2020, 18:42
by Support Team
Hi,

What you are trying to do is not possible. The UaExpert (like all other good OPC UA implementations) creates a self-signed certificate. This certificate can be "signed by" a CA. For that the application must create a "signing request", and the CA must sign the certificate. What you get in return from the CA can then be used. However, you cannot (and should not) use the CA certificate directly (it does not match your private key).

On the server side you must trust the UaExpert's self-signed cert OR alternatively you can trust the CA-signed one OR you trust the CA (and everything that this CA has signed).
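
The flow described in this reply, as an added example (not from the thread or from Unified Automation): an application creates its own key and signing request, a CA signs it, and a public-key comparison shows why the returned certificate works with the application's private key while the CA certificate does not. The CA, subject names and application URI are constructed, and `openssl` on the PATH is assumed.

```shell
#!/usr/bin/env bash
# Added illustration; the CA, subject names and application URI are constructed.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

make_ca() {    # throwaway CA standing in for your real one
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

make_csr() {   # the application creates its own key pair and the signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=DemoClient" \
    -keyout "$WORK/app.key" -out "$WORK/app.csr" 2>/dev/null
}

sign_csr() {   # the CA signs the request; the application's private key never leaves it
  # OPC UA application certificates carry the ApplicationUri as a URI subjectAltName
  printf '%s\n' 'subjectAltName=URI:urn:example:DemoClient' \
    'keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment' \
    'extendedKeyUsage=clientAuth' > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/app.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORK/ext.cnf" \
    -out "$WORK/app.pem" 2>/dev/null
  # DER copy, the encoding of the uaexpert.der file mentioned in the thread
  openssl x509 -in "$WORK/app.pem" -outform DER -out "$WORK/app.der"
}

cert_matches_key() {   # $1 = certificate (PEM), $2 = private key (PEM)
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

issued_by_ca() {       # $1 = certificate (PEM); true if it chains to the demo CA
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

make_ca; make_csr; sign_csr
cert_matches_key "$WORK/app.pem" "$WORK/app.key" && echo "issued cert matches app key"
cert_matches_key "$WORK/ca.pem" "$WORK/app.key" || echo "CA cert does not match app key"
issued_by_ca "$WORK/app.pem" && echo "issued cert chains to the CA"
```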

Re: Non self signed certificate

Posted: 28 Jul 2021, 20:49
by spratt88
How do you create a CSR from UAExpert?

Re: Non self signed certificate

Posted: 29 Jul 2021, 08:44
by Support Team
Hi,

In the UaExpert v1.5.x series you can't create a CSR for UaExpert. However, the UaExpert (GDS Push View) can ask UA Servers to create a CSR and can push new (self-signed or CA-signed) certificates down to the UA Server. In that case UaExpert acts as a GDS-Client (with "Push" functionality), but UaExpert cannot be the CA and cannot act as a full-blown GDS.

In the UaExpert v1.6.x series there will be more GDS functionality coming up, including the ability of UaExpert to register itself with an external GDS and the ability to create a CSR for itself with that GDS.