BadCertificateHostNameInvalid

Questions regarding the use of the UaExpert.

Moderator: uaexpert

cacamille3
Hero Member
Posts: 73
Joined: 15 Feb 2012, 21:43

BadCertificateHostNameInvalid

Post by cacamille3 »

Hello,

I am using the latest UAExpert 1.4.0.

When I try to connect with SecureMode Basic128Rsa15 - Sign or Sign/Encrypt, or Basic256 - Sign or Sign/Encrypt,
I get the warning message shown in the attachment.

This was not shown before.
Is there a way to know why?
The SubjectAltName of my Certificate contains the same Urn as the Server Application Uri sent by my Server.

cacamille3
Hero Member
Posts: 73
Joined: 15 Feb 2012, 21:43

Re: BadCertificateHostNameInvalid

Post by cacamille3 »

up

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: BadCertificateHostNameInvalid

Post by Support Team »

Hello,

the error refers to the SubjectAlternativeName extension, which shall contain the server's hostname(s) and/or IP addresses. If you connect to the server using its IP address and the certificate only contains the hostname (or the other way round), this error will be thrown.

Regards,
Unified Automation Support Team

cacamille3
Hero Member
Posts: 73
Joined: 15 Feb 2012, 21:43

Re: BadCertificateHostNameInvalid

Post by cacamille3 »

I have one valid URI but no IPAddresses nor DNSNames.
Are those required by the OPC specification?

Support Team
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: BadCertificateHostNameInvalid

Post by Support Team »

Hello,

the errors are obviously in the certificate of the Loytec Server. The certificate does not comply with the OPC Specification. The Server's certificate is either wrong, corrupted, or hacked (replaced) by someone else. UaExpert very clearly points to the issues that were found during validation of the server's certificate and it is reporting them as "warning" (orange color) to give you (the user/administrator) some more information on all the wrong (incomplete) certificate content. The decision is yours: if you still want to trust the Loytec Server, you can, but it is at your own risk.

You should contact the Loytec support and ask if and why they deploy wrong certificates. However, if the Loytec original certificate was correct, you might have forgery of certificates on your system.

Best Regards
Support Team

cacamille3
Hero Member
Posts: 73
Joined: 15 Feb 2012, 21:43

Re: BadCertificateHostNameInvalid

Post by cacamille3 »

The only thing missing was the DNS Name. In the pre-installed Server certificate, it was present, but it was missing when creating a self-signed certificate.
There are no more warnings now.
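
The check discussed in this thread, as an added Python sketch (not part of any post and not UaExpert's own code): the SubjectAltName must carry a URI entry equal to the ApplicationUri and also a DNS name or IP address equal to the host in the endpoint URL. The ApplicationUri, host name and SAN tuples are constructed sample values, in the `(type, value)` form that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: SAN entries in the (type, value) form that Python's
# ssl.SSLSocket.getpeercert() returns under "subjectAltName".
APP_URI = "urn:example:device:UaServer"            # hypothetical ApplicationUri
URI_ONLY = (("URI", APP_URI),)                     # URI-only SAN, as in the thread
WITH_DNS = URI_ONLY + (("DNS", "plc-01.example.local"),)


def _ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_san(san, endpoint_url, application_uri):
    """Return OPC UA status names for SAN problems; an empty list means a match.

    Exact matching only (no wildcard handling); this is an illustration,
    not the validation code of any particular SDK.
    """
    findings = []
    if application_uri not in [v for t, v in san if t == "URI"]:
        findings.append("BadCertificateUriInvalid")

    host = urlsplit(endpoint_url).hostname  # handles opc.tcp://host:port/path
    if not host:
        raise ValueError(f"no host in endpoint URL: {endpoint_url!r}")

    addr = _ip(host)
    if addr is not None:
        # Connecting by IP: only iPAddress entries count, a dNSName does not.
        ok = any(_ip(v) == addr for t, v in san if t == "IP Address")
    else:
        # Connecting by name: compare case-insensitively against dNSName entries.
        name = host.lower().rstrip(".")
        ok = any(v.lower().rstrip(".") == name for t, v in san if t == "DNS")
    if not ok:
        findings.append("BadCertificateHostNameInvalid")
    return findings


if __name__ == "__main__":
    for san in (URI_ONLY, WITH_DNS):
        print(check_san(san, "opc.tcp://plc-01.example.local:4840", APP_URI))
```

A certificate that passes when the client connects by name still fails when the same server is addressed by IP, unless the SAN also lists that address.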
