Hi everyone,

I was following the examples in order to establish a secure connection from our application to an OPC-UA server. My code goes like this:

uaClient = clientFactory.createClient(serverUrl);
ApplicationDescription appDescription = new ApplicationDescription();
appDescription.setApplicationName(new LocalizedText(“AppName”));
appDescription.setApplicationUri(“urn:test.com:OPCUA:AppName”);
appDescription.setProductUri(“urn:test.com:OPCUA:AppName”);
appDescription.setApplicationType(ApplicationType.Client);

File privatePath = new File(“./keys”, “private”);
// Create self-signed certificates
KeyPair issuerCertificate = null;
int[] keySizes = null;

ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(
appDescription,
“CompanyName”,
“password”,
privatePath,
issuerCertificate,
keySizes,
true);

uaClient.setApplicationIdentity(identity);
uaClient.setSecurityMode(SecurityMode.BASIC128RSA15_SIGN_ENCRYPT);
uaClient.setValidateDiscoveredEndpoints(!debugMode);
uaClient.setInitTypeDictionaryOnConnect(false);

This works perfectly fine if I have set the OPC server to accept untrusted certificates. However, if I set it to accept only trusted certificates and add the certificate generated by the above code to its “trusted” folder (after converting from .der to .pem as this is required by the OPC server) the communication fails with the following error:
Failed to create secure channel to server
Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security
However, I noticed that a file with identical contents to my .pem placed in the “trusted” folder gets created in the “untrusted” folder of the server, but this time named “23AD68F5.0”. I tried restarting the OPC server and this time renamed my .pem to “23AD68F5.0” and placed it in the “trusted” folder and the communication works fine.

I have no idea where this 23AD68F5.0 comes from – can someone here explain? Why doesn’t it work if I set an arbitrary name for the certificate?