Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Server certificate verify disable

More
07 May 2021 04:51 #9650 by support
Hello.

If the communication is neither signed nor encrypted, the server does not have to check the client's certificate and vice versa. Maybe that can explain the behavior after you have set the time forward? But, QuickOPC should still check the validity of its own application certificate, so I would expect *this* check to fail, if you set the date forward by ten years. Anyway, this is not the kind of questions we are ready to pursue answering: the normal course of actions is to strive to make the applications secure, and not insecure.

Best regards

Please Log in or Create an account to join the conversation.

More
05 May 2021 14:36 #9647 by CHRDEI
Hello,
thank you for your fast reply.
In my server option i've already disabled certifcates verifies; in effect one time i enabled that for mistake and an invalid certificate dialog appeared on supervisor computer.
I understood the reason of safety, but i use OpcUa not for collect data, but like a principal comunication between supervisor software and our machines; i can't think every 4-5 years that machines will stop to work waiting my certificate uodate; this the reason of my question.

One more thing: i discovered this issue casually in these days and, in my old supervisor i didn't write the code that you suggest me; i tried on a machine to change the date of Supervisor Pc and of OpcUa Server ten years forward but no problems happened; do you think is enough to be sure that machines already delivered will not have this kind of problem?

Thank you in advance for your kindly reply

Best Regards
Christian

Please Log in or Create an account to join the conversation.

More
30 Apr 2021 17:35 #9633 by support
Hello,
you are probably looking for this:

- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User's...licy~AcceptAnyCertificate.html

or (more focused - for just some endpoint):

- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User's...TrustedEndpointUrlStrings.html

In both cases, what you end up with can be a security hole, because you are turning off a crucial part of OPC UA security.

The proper solution is to renew the certificates and trust list, before they expire.

In relation to certificate expiration dates, be aware that there is also a client ("yours") certificate, and it has expiration date too. If UA secure communication is used, the server should be checking the client's certificate and it expiration date, too.

Best regards

Please Log in or Create an account to join the conversation.

More
30 Apr 2021 14:51 #9632 by CHRDEI
Hello,
i wrote this request in Contact form before see that it is not for technical issuesì, i apologize for that.

with your product we develop .Net OpcUa client; OpcUa server is (in the most of cases) a Schneider PLC or Motion Controller.
Schneider suggest us to ask you if is possible to disable the server certificate verify becuase their certificate will expire in some years.

Thanks in advance for your kindly reply

Christian

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.051 seconds