I am very new to OPC-UA and am using UAExpert as a test tool in order to validate the format of self-signed certificates I generate for a Panorama E² OPC-UA server.
I experience some problems during the connection step and get these errors:
- unable to get local issuer certificate [BadCertificateChainIncomplete]
- unable to get certificate CRL [BadCertificateRevocationUnknown]
- unable to verify the first certificate [BadCertificateChainIncomplete]
What is also a bit confusing for me is that I get these errors when I work locally on my server (OPC-UA server and UAExpert on the same machine) but I can't reproduce this when I work on a VM or a computer (both client and server on the same machine too).
I am using the same Panorama E² software, same UAExpert version, same certificate.
Here is the PowerShell script I use for certificate generation:
$Cert = New-SelfSignedCertificate `
-Type SSLServerAuthentication `
-Subject "CN=Panorama Composer OPC UA Server,DC=10.14.22.169" `
-HashAlgorithm sha256 `
-KeyAlgorithm RSA `
-KeyLength 4096 `
-KeyExportPolicy Exportable `
-Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
-KeySpec KeyExchange `
-NotAfter (Get-Date).AddYears(5) `
-CertStoreLocation "Cert:\LocalMachine\My" `
-KeyUsage DigitalSignature,NonRepudiation,KeyEncipherment,DataEncipherment `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1","2.5.29.17={text}URL=urn:localhost:CODRA:Panorama Composer OPC UA Server&DNS=10.14.22.169")
Export-Certificate -Cert $Cert -FilePath C:\temp\certificate.der
$CertPasswordEmpty = new-object System.Security.SecureString
Export-PfxCertificate -Cert $Cert -FilePath C:\temp\certificate.pfx -Password $CertPasswordEmpty
I'd like to know if someone has already experienced such things using UAExpert and self-signed certificates, if there is a mistake in the script I use to generate certificates, and why I get different results when I work on the server or on my computer/VM.
Thanks in advance for your answers and your help
Regards,
Ewen