Non self signed certificate

Questions regarding the use of the UaExpert.

Moderator: uaexpert

Flarup
Jr. Member
Posts: 1
Joined: 29 Jan 2020, 09:43

Non self signed certificate

Post by Flarup »

I'm trying to connect UAExpert to an OPC UA server with certificates.
To do this I generate a certificate with a CA, but how do I make UAExpert use that?

Even if I set a certificate in the server settings, then UAExpert is using .config/unifiedautomation/uaexpert/PKI/own/certs/uaexpert.der

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Non self signed certificate

Post by Support Team »

Hi,

what you try to do is not possible. The UaExpert (like all other good OPC UA implementations) creates a self-signed certificate. This certificate can be "signed by" a CA. For that the application must create a "signing request", and the CA must sign the certificate. What you get in return from the CA can then be used. However, you cannot (and should not) use the CA certificate directly (it does not match your private key).

On the server side you must trust the UaExpert's self-signed cert OR alternatively you can trust the CA-signed OR you trust the CA (and everything that this CA has signed).
Best regards
Unified Automation Support Team
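
The request-and-sign flow described in the reply above, as an added example that is not part of the original thread and is not a UaExpert procedure: it uses the openssl CLI with a throwaway demo CA and shows that the CA-signed certificate matches the application's private key while the CA certificate does not. All file names, subjects and the application URI are constructed.

```shell
#!/usr/bin/env bash
# Added example; every file name, subject and URI below is constructed.
set -eu

# Succeeds when the certificate ($1, PEM) carries the public key of private key ($2).
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Build a throwaway CA and a CA-signed application certificate in directory $1.
build_demo_pki() {
    dir=$1
    # Demo CA: its own key pair and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Application side: key pair plus signing request; the private key stays here.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=DemoUaClient" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    # OPC UA application certificates carry the ApplicationUri as a URI
    # subjectAltName; this value is constructed.
    printf 'subjectAltName=URI:urn:example:DemoUaClient\n' > "$dir/ext.cnf"
    # CA side: sign the request. The result certifies the application's public key.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$dir/ext.cnf" \
        -out "$dir/client.pem" 2>/dev/null
    # DER encoding, the format of the uaexpert.der file mentioned in the thread.
    openssl x509 -in "$dir/client.pem" -outform DER -out "$dir/client.der"
}

# Print whether certificate $1 belongs to private key $2.
report() {
    if cert_matches_key "$1" "$2"; then echo "$1: matches $2"
    else echo "$1: does NOT match $2"; fi
}

demo() {
    work=$(mktemp -d)
    build_demo_pki "$work"
    report "$work/client.pem" "$work/client.key"   # CA-signed cert: usable with this key
    report "$work/ca.pem" "$work/client.key"       # CA cert itself: belongs to the CA's key
    rm -rf "$work"
}

demo
```
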

spratt88
Jr. Member
Posts: 1
Joined: 28 Jul 2021, 20:48

Re: Non self signed certificate

Post by spratt88 »

How do you create a CSR from UAExpert?

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Non self signed certificate

Post by Support Team »

Hi,

in UaExpert v1.5.x series you can't CSR for UaExpert. However, the UaExpert (GDS Push View) can ask UA Servers to CSR and can push new (self-signed or CA-signed) certificates down to the UA Server. In that case UaExpert acts as a GDS-Client (with "Push" functionality), but UaExpert cannot be the CA and cannot act as a full-blown GDS.

in UaExpert v1.6.x series there will be more GDS featured functionalities coming up, including the ability of UaExpert to register itself to an external GDS and the ability to CSR for itself with that GDS.
Best regards
Unified Automation Support Team
