Fault at connection to OPC Server on PLC Simotion

Questions regarding the use of the UaExpert.

Moderator: uaexpert

imartinez
Jr. Member
Posts: 2
Joined: 01 Dec 2020, 10:55

Fault at connection to OPC Server on PLC Simotion

Post by imartinez »

Hello,

I'm quite new to OPC UA communication.

I'm using UaExpert to connect to the OPC server. When I launch the connection I get a popup to trust the certificate sent by the PLC Simotion D425. I can trust it, but I get 3 errors each time I try to connect.

Unable to get local issuer certificate [BadCertificateChainIncomplete]
Unable to get certificate CRL [BadCertificateRevocationUnknown]
Unable to verify the first certificate [BadCertificateChainIncomplete]

When contacting Siemens they tell me that this is because the server cannot manage client certificates and that I need to create my own and load it into the PLC.

Does this seem right?

From what I understand I would say there is a problem with the certificate in the PLC.

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Fault at connection to OPC Server on PLC Simotion

Post by Support Team »

Hello,

Here you can find more detailed documentation of the different security configuration aspects and the terms I use in my explanation:
https://documentation.unified-automation.com/uasdkcpp/1.7.3/html/L2UaDiscoveryConnect.html

The error codes indicate that the server is using a CA-signed certificate and have nothing to do with the capabilities of the server to manage trust of client certificates. CA is Certificate Authority.

If CA-signed certificates are used, you can only get rid of these errors if the client also gets a CA-signed certificate including the CA certificate chain and a certificate revocation list (CRL) for the CA certificate. This is typically done with an OPC UA Global Discovery Server (GDS).

If you are not managing a CA / GDS for your clients and servers, you can use self-signed certificates. This is the default for UaExpert. But I do not know how a self-signed certificate can be configured for the server you are using.

Best regards
Unified Automation Support Team
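
An added example, not part of the thread and not UaExpert's or the SDK's code: a simplified Python model of the client-side check the answer describes, showing why a CA-signed server certificate yields these status codes until the CA certificate and its CRL are in the client's PKI store. Subject names are constructed, certificates are reduced to subject/issuer pairs, and signatures, validity periods and CRL contents are not checked.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # equal to subject for a self-signed certificate

@dataclass
class PkiStore:
    trusted: set = field(default_factory=set)     # subjects the user has trusted
    ca_certs: dict = field(default_factory=dict)  # CA subject -> Cert (issuer certs)
    crls: set = field(default_factory=set)        # CA subjects that have a CRL present

def validate(cert, store):
    """Return OPC UA status names for a peer certificate; [] means accepted."""
    errors, chain, seen = [], [cert], {cert.subject}
    current = cert
    while current.issuer != current.subject:      # walk up until a self-signed cert
        leaf = current is cert
        if current.issuer not in store.crls:      # no CRL from this issuer
            errors.append("BadCertificateRevocationUnknown" if leaf
                          else "BadCertificateIssuerRevocationUnknown")
        ca = store.ca_certs.get(current.issuer)
        if ca is None or ca.subject in seen:      # issuer cert missing, or a loop
            errors.append("BadCertificateChainIncomplete")
            break
        seen.add(ca.subject)
        chain.append(ca)
        current = ca
    # The peer is trusted if it, or any certificate in its chain, is trusted.
    if not any(c.subject in store.trusted for c in chain):
        errors.append("BadCertificateUntrusted")
    return errors

# Constructed sample data (names are assumptions, not taken from the thread).
PLC_CA_SIGNED = Cert("CN=SIMOTION-D425", "CN=Plant-CA")
PLC_SELF_SIGNED = Cert("CN=SIMOTION-D425", "CN=SIMOTION-D425")
PLANT_CA = Cert("CN=Plant-CA", "CN=Plant-CA")

# Situation in the question: leaf trusted via the popup, no CA cert, no CRL.
popup_only = PkiStore(trusted={"CN=SIMOTION-D425"})
# Situation after distributing the CA certificate and its CRL (e.g. via a GDS).
with_ca = PkiStore(trusted={"CN=Plant-CA"},
                   ca_certs={"CN=Plant-CA": PLANT_CA},
                   crls={"CN=Plant-CA"})

if __name__ == "__main__":
    print(validate(PLC_CA_SIGNED, popup_only))
    print(validate(PLC_CA_SIGNED, with_ca))
    print(validate(PLC_SELF_SIGNED, popup_only))
```
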
