Thank you.
You may close this case.

Michael

I think you are confusing the purpose or location (name) of the certificate stores. For description, see e.g. opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html .

When you remove the application certificate from C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs, you are removing it from the trusted peers certificate store. This is precisely equivalent to un-trusting it. So, no wonder that it is then reported as such. The QuickOPC behavior is as it should be.

If your intent was to remove the application certificate, you need to primarily delete it from C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs and ...private.

You could use the Delete action on the Trusted Certificates tab - then it will do the right thing (and, it will remove it from related stores as well).
Or, you can use the "Remove own certificate" button in the lower part of the Application Certificate tab.

Best regards

Hi,

1. If I trust the certificate, the problem is solved.

2. No. This only happens when I delete the certificate file from the certificate store folder (C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs).

Thanks.

Michael

Hello.

1. If you make the certificate trusted again (on the Trusted Certificates tab), will things wokj then, or will it revert back to the same problem?

2. Can this be same/similar to the Application URI mismatch you reported before? I.e. can you check, on the Application Manifest tab, that the Application URI is precisely the same as the "Subject URL name" on the Application Certificate tab?

Regards

Hi,

Thank you for your answer.

1. OK. Please let me know when the new version is available.

2. See the Application Certificate screen capture below. I don't see any clue for why it is rejected.

Do you see the problem?

Thank you.

Michael

Hello.
There are 2 issues here:

1. The fact that the mentioned message is not clear (and the fact that it actually sometimes appear when it is not necessary) - it is a known issue that we have fixed internally already in the upcoming version 2023.2. It is currently planned to be released by November 28, 2023; possibly sooner. The recommendation is to wait for this version, and then upgrade to it.

2. The fact that the own certificate is rejected: Normally it should be accepted, but there are various circumstances under which it can be rejected (e.g. when it is expired, or possibly when there is the mismatch of the application URI we discussed?). When you switch the dialog to the "Application Certificate" tab, you might get an indication of why it has been rejected.

Best regards

Hi,

I have deleted our own certificate from the certificate store folder (C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs)

1. Then, I have opened our program (the OPC UA Client) and got the following error message:

The above message is not clear... You don't know which certificate is not trusted... Is it Okay?

2. Then I clicked on the Yes button and opened the Administer OPC UA Application dialog. This is what I got:

As you can see our own certificate was rejected. Is it Okay?

Thank you.

Michael