0

OPC-UA Collector Certificate

Good Day All,  Version 23.2.1.2409

I have an OPC-UA server that I am attempting to connect to with my Canary OPC-UA collector.  The OPC-UA server requires secure connection, leveraging certificates, no username & password.  The server sees the connection attempt by the Canary Collector when I click "Browse." On the Canary side I get "Oops, an error occurred while browsing nodes....."  On the server I accept the certificate as trusted.  I attempt to browse again from the collector but I get the same "Oops" error and a new rejected certificate shows up on my OPC-UA server, this happens over and over.  In the server's manual, for testing using UAExpert, the certificate Security Policy shall be set to Basic256Sha256.  I see that the certificate policy that the Canary Collector uses is sha512RSA.  I'm thinking I need to change the collector's policy to match, at sha256RSA, but have no idea how to do this.  Also, I don't know if this matters but the collector's certificate has a "Valid from" date that is a month and a half into the future.  The successful connection using UAExpert has a "Valid from" date that is the date it was generated.  Any help would be much appreciated.  Thank you in advance!

Regards,

Tim

2 replies

null
    • smason
    • 3 days ago
    • Reported - view

    Hi ,

    Are you using the self-signed certificate that Canary generates or are you using your own that you have installed? The reason I ask is we made a change to how we generate that cert in v23, but it may still be using the old cert if this is coming from an older version. To get the software to use the new cert, you would need to stop all services on that machine and delete the current cert from the personal store. When you start the services back up, it will create the new self-signed cert which you can then try to connect with.

    • timothy_vertin
    • 3 days ago
    • Reported - view

    Good Morning Steve,

    Thank you for the quick reply.  As it turns out, we do have our own certificate that I should have been using, I will be working with my network engineers to run this down.  Thank you!

    Regards,

    Tim

Content aside

print this pagePrint this page
  • 3 days agoLast active
  • 2Replies
  • 7Views
  • 2 Following