Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search
Go to Bottom
No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Behavior of OPC UA certs that are accepted permanently and expires in future
November 29, 2018
10:43, EET
Avatar
Anusha
Member
Members
Forum Posts: 6
Member Since:
April 12, 2018
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

Hi,

We have a couple of OPC UA devices in our lab, all of which have self-signed certificates. When we choose Sign or Sign&Encrypt Security Mode, the self-signed cert is presented and we have the option to accept once or accept permanently. When we accept permanently, the cert is stored in the trusted certs folder.

Now, my understanding is that this cert is the authentication root for all further communication with this device. Meaning, for all further communications, the cert from the device is checked if present in the trusted certs folder and validated. If the certificate expires after say 3 years, What is the behavior here? Would an exception be thrown that communication failed? Or would the user be prompted again to accept the certificate? If so, when the cert is accepted would the expired cert in the trusted certs folder be replaced by the new cert?

Thanks.

December 3, 2018
14:06, EET
Avatar
Teppo Uimonen
Member
Members
Forum Posts: 21
Member Since:
November 28, 2018
sp_UserOfflineSmall Offline
Go to Top
2sp_Permalink sp_Print

Hi,

Your understanding is correct. The certificate of your OPC UA application is checked each time a connection to another OPC UA application is being established. If you try to establish a connection with an expired cert, you will receive an exception.

In practice, you can think of handling certificate renewal similar to when establishing a secure connection between OPC UA parties for the first time. A new certificate needs to be created similarly and accepted by the other OPC UA application.

No permission to create posts
sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
13 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 730

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1