OPCUA incorrect server certificate

Discussions about product bugs & problems!
Note: This is no replacement for the Official ETM Support!
Search

Post Reply
6 posts • Page 1 of 1
DmSilkin
Posts: 23
Joined: Wed Jun 03, 2020 9:26 am

OPCUA incorrect server certificate

Post by DmSilkin »

Hello!
Recently, I'm using WinCCOA 3.17 P014. I found in documentation that since P011 it is possible to ignore certificate problems on the remote OPCUA server's side by setting _OPCUAServer.Config.Flags bit 9 to 1.
The value of this DPE (_MOL1.Config.Flags) now 00000000010000000000001000000000.
I also moved the cert to the folder data/opcua/client/PKI/CA/certs, but still i get errors when opcua client connects to server.

Code: Select all

WCCOAopcua (80), 2021.11.29 09: 33: 03.390, SYS, INFO, 156, Driver initialization finished.
WCCOAopcua (80), 2021.11.29 09: 33: 03.808, PARAM, WARNING, 71 / opcua, OpcUaCComm in initSecurity function, OPC UA client uses default certificate. Configure your own certificate for proper security.
WCCOAopcua (80), 2021.11.29 09: 33: 04.198, SYS, WARNING, 56 / opcua, OpcUaCComm in connect function, certificate MOL1 (opc.tcp://MOLUASERVER:4840) expired. Establishing a connection.
WCCOAopcua (80), 2021.11.29 09: 33: 04.761, SYS, SEVERE, 45 / opcua, OpcUaCComm in connect function, unable to connect to server EXAMPLEMOLD1 (opc.tcp://MOLUASERVER:4840) (Status code: BadCertificateTimeInvalid) 

User avatar
kilianvp
Posts: 337
Joined: Fri Jan 16, 2015 10:29 am

Re: OPCUA incorrect server certificate

Post by kilianvp »

Its not a certifcate error. BadCertificateTimeInvalid means the time on the different systems are not synchronized.
OPC UA security requires synchronized clocks. The requirements for precision of the synchronization are low but a similar time must be ensured.

DmSilkin
Posts: 23
Joined: Wed Jun 03, 2020 9:26 am

Re: OPCUA incorrect server certificate

Post by DmSilkin »

The remote OPCUA Server has a different timezone (UTC+1 vs mine UTC+3) - is that the reason of TimeInvalid?

User avatar
kilianvp
Posts: 337
Joined: Fri Jan 16, 2015 10:29 am

Re: OPCUA incorrect server certificate

Post by kilianvp »

The Date and Year are the same?

DmSilkin
Posts: 23
Joined: Wed Jun 03, 2020 9:26 am

Re: OPCUA incorrect server certificate

Post by DmSilkin »

Yes, date and year are the same.
I still suppose that the reason of connection problem is a certificate.
I can't attach the picture, but if I connect to the OPCUA server via UaExpert I algo get warnings like:
certificate has expired [BadCertificateTimeInvalid]
...
validity:
Valid From: 02.04.2000
Valid To: 31.03.2010

gschijndel
Posts: 242
Joined: Tue Jan 15, 2019 3:12 pm

Re: OPCUA incorrect server certificate

Post by gschijndel »

DmSilkin wrote: Mon Nov 29, 2021 7:44 am Recently, I'm using WinCCOA 3.17 P014. I found in documentation that since P011 it is possible to ignore certificate problems on the remote OPCUA server's side by setting _OPCUAServer.Config.Flags bit 9 to 1.
The value of this DPE (_MOL1.Config.Flags) now 00000000010000000000001000000000.
Perhaps you are off by 1

Post Reply
6 posts • Page 1 of 1