Certificates - what do I really need?

Posted: 24 Jun 2020, 15:50
by ThomasTIP
Hi all,

I'm new to OPC, and I'm having trouble understanding what all those certificates are about.

As I understand it so far, the client needs a certificate and the server needs a certificate.
When the client first starts, I need to specify or create a certificate.
Question 1: I looked at the samples and the documentation of CreateCertificateSettings. Which fields in there are mandatory and why? For instance, what effect would it have if I omit the application name or the organization? At what point will that haunt me later?

The first time a client connects to a server, the server will provide its certificate, which the client must trust.
Then, the client certificate also needs to be trusted on the server side. However, the OPC server of my customer returns BadCertificateUntrusted, even though the OPCServer.xml.config has AutoAcceptUntrustedCertificates set to true. I also don't see any certificate in the pki\rejected folder on the server.
Question 2: what am I missing to make the server accept the client certificate?

Bonus question: OPCServer.xml.config defines a base address for opc.tcp with port 58100. However, I can only connect to that server over port 4840. Why is that?

Re: Certificates - what do I really need?

Posted: 22 Jul 2020, 17:39
by ThomasTIP
I got it working locally and found these answers for myself:

@Question 1: I use all fields from the samples, for good or bad.
@Question 2: there were a few server configuration issues; after they were solved, the connection works fine (incorrectly configured and communicated endpoints, user inactive because of licensing, ...)
@Bonus question: see @2