Remote UI SSL certificate issue - CA verification failed

[tpjctrl]

This is probably a fairly simple issue, but for the life of me I can't figure it out, so perhaps someone here can help.

I've got a server with the following SSL related entries in the config:

securityMode = "cert"
sslCertificate = "config/host-cert.pem"

and I'm trying to connect to it using a remote UI client, but getting this error in the Log Viewer:

Certificate /C=AT/ST=Burgenland/L=Einsenstadt/O=ETM professional control/OU-WinCC OA/CN=ETM CA verification failed, due to: self signed certificate in certificate chain

The client has the same SSL entries in the config and it's using the host-cert.pem files copied from the WinCC OA installation directory.

Is the above error for another certificate or do I need to copy smth else?

[leoknipp]

If you want to make your system secure you have to use own certificates.
The certificates which are part of the WinCC OA installation are just examples to show the possibility to use certificates.

When you do not want to use own certifactes you can simply run WinCC OA without certificates also as anyone who has WinCC OA will have the ability to use certificates which fit your project.

Best Regards
Leopold Knipp
Senior Support Specialist

[Andorhal]

Hello.

Your should have a look at the help (e.g. docu.winccoa.com).
https://www.winccoa.com/documentation/W ... ertificate
You are missing key and CA entry.

And yes, the productive usage of our delivered certificates is strongly prohibited!