Page 1 of 1

Non self signed certificate

Posted: 29 Jan 2020, 12:56
by Flarup
I'm trying to connect UAExpert to an OPC UA server with certificates.
To do this I generate a certificate with a CA, but how do I make UAExpert use that.

Even if I set a certificate in the server settings, then UAExpert is using .config/unifiedautomation/uaexpert/PKI/own/certs/uaexpert.der

Re: Non self signed certificate

Posted: 28 Apr 2020, 18:42
by Support Team
Hi,

what you try to do is not possible. The UaExpert (like all other good OPC UA implementations) creates a self-signed sertificate. This certificate can be "signed by" a CA. For that the application must create a "signing request", and the CA must sign the certificate. What you get in return from the CA can than be used. However you can not (and should not) use the CA certificate directly (it does not match your private key).

On the server side you must trust the UaExperts self-signed cert OR alternatively you can trust the CA-signed OR you trust the CA (and everything that this CA has signed)