Professional OPC
Development Tools

logos

lupa

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

  1. Forum
  3. Discussions
  5. QuickOPC-UA in .NET
  7. Connections, Reconnections, Certificates
  9. Can the Own certificate be rejected?

Can the Own certificate be rejected?

More
13 Nov 2023 14:13 #12360 by micham
Replied by micham on topic Can the Own certificate be rejected?
Thank you.
You may close this case.

Michael

Please Log in or Create an account to join the conversation.

More
12 Nov 2023 15:48 #12352 by support
Replied by support on topic Can the Own certificate be rejected?
I think you are confusing the purpose or location (name) of the certificate stores. For description, see e.g. opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html .

When you remove the application certificate from C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs, you are removing it from the trusted peers certificate store. This is precisely equivalent to un-trusting it. So, no wonder that it is then reported as such. The QuickOPC behavior is as it should be.

If your intent was to remove the application certificate, you need to primarily delete it from C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs and ...private.

You could use the Delete action on the Trusted Certificates tab - then it will do the right thing (and, it will remove it from related stores as well).
Or, you can use the "Remove own certificate" button in the lower part of the Application Certificate tab.

Best regards

Please Log in or Create an account to join the conversation.

More
12 Nov 2023 14:15 #12351 by micham
Replied by micham on topic Can the Own certificate be rejected?
Hi,

1. If I trust the certificate, the problem is solved.

2. No. This only happens when I delete the certificate file from the certificate store folder (C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs).

Thanks.

Michael

Please Log in or Create an account to join the conversation.

More
12 Nov 2023 13:02 #12350 by support
Replied by support on topic Can the Own certificate be rejected?
Hello.

1. If you make the certificate trusted again (on the Trusted Certificates tab), will things wokj then, or will it revert back to the same problem?

2. Can this be same/similar to the Application URI mismatch you reported before? I.e. can you check, on the Application Manifest tab, that the Application URI is precisely the same as the "Subject URL name" on the Application Certificate tab?

Regards

Please Log in or Create an account to join the conversation.

More
12 Nov 2023 07:55 #12349 by micham
Replied by micham on topic Can the Own certificate be rejected?
Hi,

Thank you for your answer.

1. OK. Please let me know when the new version is available.

2. See the Application Certificate screen capture below. I don't see any clue for why it is rejected.

Do you see the problem?

Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

More
11 Nov 2023 16:45 #12348 by support
Replied by support on topic Can the Own certificate be rejected?
Hello.
There are 2 issues here:

1. The fact that the mentioned message is not clear (and the fact that it actually sometimes appear when it is not necessary) - it is a known issue that we have fixed internally already in the upcoming version 2023.2. It is currently planned to be released by November 28, 2023; possibly sooner. The recommendation is to wait for this version, and then upgrade to it.

2. The fact that the own certificate is rejected: Normally it should be accepted, but there are various circumstances under which it can be rejected (e.g. when it is expired, or possibly when there is the mismatch of the application URI we discussed?). When you switch the dialog to the "Application Certificate" tab, you might get an indication of why it has been rejected.

Best regards

Please Log in or Create an account to join the conversation.

More
11 Nov 2023 15:03 #12347 by micham
Can the Own certificate be rejected? was created by micham
Hi,

I have deleted our own certificate from the certificate store folder (C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs)

1. Then, I have opened our program (the OPC UA Client) and got the following error message:

The above message is not clear... You don't know which certificate is not trusted... Is it Okay?

2. Then I clicked on the Yes button and opened the Administer OPC UA Application dialog. This is what I got:

As you can see our own certificate was rejected. Is it Okay?

Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

Moderators: support
  1. Forum
  3. Discussions
  5. QuickOPC-UA in .NET
  7. Connections, Reconnections, Certificates
  9. Can the Own certificate be rejected?
Time to create page: 0.069 seconds