Hi,
Is there any workaround to handle hostname validation in application certificate when dockrizing OPC UA client app, currently we are facing issue related to host name binding in application certificate as we can not predict the pods hostname, is there any option to skip hostname in certificate or any option to generate the self signed certificate according to the pod hostname
OPC UA .Net SDK Docker client
Moderator: uasdknet
-
Support Team
- Hero Member
- Posts: 3073
- Joined: 18 Mar 2011, 15:09
Re: OPC UA .Net SDK Docker client
Hi,
the hostname validation is a security feature as of OPC UA to detect "man in the middle" attacks. The docker autogenerated hostname can typically be changed within your docker compose yml. Command is "hostname: xxxhostxxx"
This is required because the x509 certificates (autogenerated at first startup) will incorporate the hostname, hence also all trust relations to other peers would be broken (need again being trusted), and you OPC UA communictaion get screwed up, if you randomly change hostname each time you start the docker, and recreate the certificates each time on startup.
the hostname validation is a security feature as of OPC UA to detect "man in the middle" attacks. The docker autogenerated hostname can typically be changed within your docker compose yml. Command is "hostname: xxxhostxxx"
This is required because the x509 certificates (autogenerated at first startup) will incorporate the hostname, hence also all trust relations to other peers would be broken (need again being trusted), and you OPC UA communictaion get screwed up, if you randomly change hostname each time you start the docker, and recreate the certificates each time on startup.
Best regards
Unified Automation Support Team
Unified Automation Support Team