10:43, EET
April 12, 2018
Hi,
We have a couple of OPC UA devices in our lab, all of which have self-signed certificates. When we choose Sign or Sign&Encrypt Security Mode, the self-signed cert is presented and we have the option to accept once or accept permanently. When we accept permanently, the cert is stored in the trusted certs folder.
Now, my understanding is that this cert is the authentication root for all further communication with this device. Meaning, for all further communications, the cert from the device is checked if present in the trusted certs folder and validated. If the certificate expires after say 3 years, What is the behavior here? Would an exception be thrown that communication failed? Or would the user be prompted again to accept the certificate? If so, when the cert is accepted would the expired cert in the trusted certs folder be replaced by the new cert?
Thanks.
14:06, EET
Moderators
November 28, 2018
Hi,
Your understanding is correct. The certificate of your OPC UA application is checked each time a connection to another OPC UA application is being established. If you try to establish a connection with an expired cert, you will receive an exception.
In practice, you can think of handling certificate renewal similar to when establishing a secure connection between OPC UA parties for the first time. A new certificate needs to be created similarly and accepted by the other OPC UA application.
Most Users Ever Online: 518
Currently Online:
28 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
hbrackel: 135
pramanj: 86
Francesco Zambon: 81
rocket science: 77
Ibrahim: 76
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
fred: 41
Member Stats:
Guest Posters: 0
Members: 681
Moderators: 16
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1467
Posts: 6261
Newest Members:
graciela2073, sagarchau, elviralangwell4, Donnavek, Eddiefauth, DonaldPooma, fidelduke938316, Jan-Pfizer, DavidROunc, fen.pang@woodside.comModerators: Jouni Aro: 1010, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 983, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 321, Lusetti: 0, Ari-Pekka Soikkeli: 5
Administrators: admin: 1