Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search
Go to Bottom
No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Use our own client certificate
October 21, 2021
9:08, EEST
Avatar
moosm
New Member
Members
Forum Posts: 2
Member Since:
October 21, 2021
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

Hello,
the OPC UA Browser works great!
As soon as I have saved our own CA in the “/PKI/CA/certs” folder, I can connect to the server because the server certificate is signed by this CA.
Our server does not accept all clients either, but also checks the private client certificate. After I imported the client certificate “/PKI/CA/private” into the server, everything works as it should.
Unfortunately it is not practical to import all private client certificates into the server. The server also trusts all certificates that are signed by our CA. So I created my own private client certificate for the OPC UA Browser and added it to the “/PKI/CA/private” folder. However, this certificate is not used because the OPC UA Browser automatically generates its own private certificate each time it is started, even if I have manually deleted this in the folder.
Is it possible that we can use our own certificate? Otherwise we unfortunately cannot use the program because we do not want to import the certificate of the OPC UA Browser on all servers. The servers should only trust our CA and therefore the Browser must use a certificate generated by us.
Thanks for the support!

October 21, 2021
11:14, EEST
Avatar
Matti Siponen
Moderator
Members

Moderators
Forum Posts: 349
Member Since:
February 11, 2020
sp_UserOfflineSmall Offline
Go to Top
2sp_Permalink sp_Print

Hello,

As long as the password of your private key is opcua and you use the same filenames that Browser would use (UaBrowser@”YourHostname”_2048 where “YourHostname” is your hostname), you should be able to replace Browser’s generated certificate’s public (DER) and private (PEM) keys located in .prosysopc\prosys-opc-ua-browser\PKI\CA\private with your own keys.

We’re aware that this is very inconvenient and we’re planning to make it easier for users to use their own certificates in some future release of Browser.

October 21, 2021
14:51, EEST
Avatar
moosm
New Member
Members
Forum Posts: 2
Member Since:
October 21, 2021
sp_UserOfflineSmall Offline
Go to Top
3sp_Permalink sp_Print

It actually works the way you described. This is a temporary solution that we can work fine with, but we are pleased that you are working on an easier way.
Thank you for the quick support!

No permission to create posts
sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
21 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 726

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7, franciscagrimwad, adult_gallery

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1