Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Use our own client certificate
October 21, 2021
9:08, EEST
Avatar
moosm
New Member
Members
Forum Posts: 2
Member Since:
October 21, 2021
sp_UserOfflineSmall Offline

Hello,
the OPC UA Browser works great!
As soon as I have saved our own CA in the “/PKI/CA/certs” folder, I can connect to the server because the server certificate is signed by this CA.
Our server does not accept all clients either, but also checks the private client certificate. After I imported the client certificate “/PKI/CA/private” into the server, everything works as it should.
Unfortunately it is not practical to import all private client certificates into the server. The server also trusts all certificates that are signed by our CA. So I created my own private client certificate for the OPC UA Browser and added it to the “/PKI/CA/private” folder. However, this certificate is not used because the OPC UA Browser automatically generates its own private certificate each time it is started, even if I have manually deleted this in the folder.
Is it possible that we can use our own certificate? Otherwise we unfortunately cannot use the program because we do not want to import the certificate of the OPC UA Browser on all servers. The servers should only trust our CA and therefore the Browser must use a certificate generated by us.
Thanks for the support!

October 21, 2021
11:14, EEST
Avatar
Matti Siponen
Moderator
Members

Moderators
Forum Posts: 319
Member Since:
February 11, 2020
sp_UserOfflineSmall Offline

Hello,

As long as the password of your private key is opcua and you use the same filenames that Browser would use (UaBrowser@”YourHostname”_2048 where “YourHostname” is your hostname), you should be able to replace Browser’s generated certificate’s public (DER) and private (PEM) keys located in .prosysopc\prosys-opc-ua-browser\PKI\CA\private with your own keys.

We’re aware that this is very inconvenient and we’re planning to make it easier for users to use their own certificates in some future release of Browser.

October 21, 2021
14:51, EEST
Avatar
moosm
New Member
Members
Forum Posts: 2
Member Since:
October 21, 2021
sp_UserOfflineSmall Offline

It actually works the way you described. This is a temporary solution that we can work fine with, but we are pleased that you are working on an easier way.
Thank you for the quick support!

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
20 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 135

pramanj: 86

Francesco Zambon: 81

ibrahim: 75

rocket science: 75

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

TimK: 41

Member Stats:

Guest Posters: 0

Members: 707

Moderators: 16

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1465

Posts: 6252

Newest Members:

christi10l, ahamad1, Flores Frederick, ellenmoss, harriettscherer, shanonhumphreys, KupimotoblokfuB, tamhollander5, paulinafcf, bridgette18l

Moderators: Jouni Aro: 1009, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 982, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 319, Lusetti: 0, Ari-Pekka Soikkeli: 5

Administrators: admin: 1