OPC UA - Ignore Certificate Dialog

Hy,

I try do create OPC UA connection over .Net but there I ran into the problem. I always get the following dialog when I make the connection:

The checkbox doesn’t work!

I never wanna see this dialog, please help!

Thx & Regards
Feature

You can try throwing some salt over your shoulder.

Let’s see what is not working. Can you trust the certificate on VC side and Server side, and then save and reload layout to test the connection again? You could also try to add multiple server connections to same OPC UA server in your layout.

You can find the logs and trusted certs in app data for your VC product, example path as follows.

C:\Users%username%\AppData\Local\Visual Components\Visual Components Premium 4.4\OpcUA

At least support or developer would need clear way to reproduce it. I’ve encountered this once before but that was when my server’s user rights and permissions were being modified to do performance tests.

Hy @zesty,

Thx for reply!

Do VC only accept pxf-certificates? → I have the problem with a certificat with ends “.der”

Thx & Regards
Feature

Your server-side certificate is not valid. The X.509 certificate validation process is complex, but surely there are tools that can tell you what is wrong with it. You could also check the VC log file for any additional info.

Common validity issues are using a self-signed certificate, expired certificate, incorrectly defined domain in the certificate, and domain in the certifcate not matching the actual domain of the server.

Further info about certificates and their validation process:
https://documentation.unified-automation.com/uasdknet/3.1.0/html/L2UaDiscoveryConnect.html#DiscoveryConnect_Certificates

https://documentation.unified-automation.com/uasdknet/3.1.0/html/L2BaseLibCertValidation.html

Hy @TSy,

but why everything works when I trust the certificat and the Checkbox do not work?

Thx & Regards
Feature

Probably you are not allowed to permanently trust an invalid certificate. It could mean that trusting a once valid certificate that then becomes invalid due to validity period end would still be trusted.

Generally you should never trust invalid certificates and in my opinion VC shouldn’t even allow that in the first place. If you don’t have valid certificates set up, just don’t bother using secure endpoints either.

Hy,

I get the same Dialog with UaExpert when connect with this OPC-Server.

image

The difference to VC OpcUa Client is when I select “Accept this certificate permanently” the message do not appear again!

Why is there a difference behavior and in VC the checkbox doesn’t work?

Thx & Regards
Feature