Hello,
I'm quite new to OPC UA communication.
I'm using UAExpert to connect to the OPC server. When I launch the connection I get a popup to trust the certificate sent by the PLC Simotion D425. I can trust it, but I get 3 errors each time I try to connect:
Unable to get local issuer certificate [BadCertificateChainIncomplete]
Unable to get certificate CRL [BadCertificateRevocationUnknown]
Unable to verify the first certificate [BadCertificateChainIncomplete]
When contacting Siemens they tell me that this is because the server cannot manage client certificates and that I need to create my own and load it into the PLC.
Does this seem right?
From what I understand I would say there is a problem with the certificate in the PLC.
Fault at connection to OPC Server on PLC Simotion
Re: Fault at connection to OPC Server on PLC Simotion
Hello,
Here you can find a more detailed documentation of the different security configuration aspects and the terms I use in my explanation:
https://documentation.unified-automation.com/uasdkcpp/1.7.3/html/L2UaDiscoveryConnect.html
The error codes indicate that the server is using a CA-signed certificate and have nothing to do with the capabilities of the server to manage trust of client certificates. CA is Certificate Authority.
If CA-signed certificates are used, you can only get rid of these errors if the client also gets a CA-signed certificate including the CA certificate chain and a certificate revocation list (CRL) for the CA certificate. This is typically done with an OPC UA Global Discovery Server (GDS).
If you are not managing a CA / GDS for your clients and servers, you can use self-signed certificates. This is the default for UaExpert. But I do not know how a self-signed certificate can be configured for the server you are using.
Best regards
Unified Automation Support Team
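An added example, not part of the original posts or of any vendor tooling: a shell check using the openssl CLI that reports which situation from the reply applies to a server certificate (self-signed, or CA-signed with the issuer certificate or its CRL missing on the client). The function names, the directory layout and the PEM input format are assumptions, and the demo PKI is constructed test material.

```shell
#!/usr/bin/env bash
# Added example. Function names, directory layout and PEM input are assumptions.

# make_demo_pki DIR: constructed test material (a demo CA, a server certificate
# signed by it, and a self-signed certificate).
make_demo_pki() {
    d=$1; mkdir -p "$d/trusted" "$d/crl"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Server" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Self" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# diagnose_cert CERT TRUSTED_DIR CRL_DIR: prints one of
#   self-signed | missing-issuer | missing-crl | chain-and-crl-present
diagnose_cert() {
    cert=$1; trusted=$2; crls=$3
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash)
    subject=$(openssl x509 -in "$cert" -noout -subject_hash)
    # Same subject and issuer name: treated as self-signed (name comparison only).
    if [ "$issuer" = "$subject" ]; then echo self-signed; return; fi
    # CA-signed: the client needs the issuer certificate in its trust list.
    found=no
    for ca in "$trusted"/*.pem; do
        [ -f "$ca" ] || continue
        if [ "$(openssl x509 -in "$ca" -noout -subject_hash)" = "$issuer" ] &&
           openssl verify -partial_chain -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            found=yes
        fi
    done
    # No issuer certificate available: corresponds to BadCertificateChainIncomplete.
    if [ "$found" = no ]; then echo missing-issuer; return; fi
    # The client also needs a CRL published by that issuer.
    for crl in "$crls"/*.pem; do
        [ -f "$crl" ] || continue
        if [ "$(openssl crl -in "$crl" -noout -hash)" = "$issuer" ]; then
            echo chain-and-crl-present; return
        fi
    done
    # No CRL for the issuer: corresponds to BadCertificateRevocationUnknown.
    echo missing-crl
}
```

A DER-encoded certificate can be converted first with `openssl x509 -inform DER -in server.der -out server.pem`.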