Goal: I have multiple OPC UA clients that will connect to the OPC UA Server (Kepserver). Trusting every client is getting difficult. I cannot set the Security Policy to "None".
I have created a common CA. Created a server pfx file and imported it in Kepserver in OPC UA Configuration Manager > Instance Certificates.
Imported the CA.dar file in Trusted Client List.
I have created certificates and private keys for Uaexpert and signed them with the same CA.
Created a CRL and pasted it in C:\ProgramData\Kepware\KEPServerEX\V6\UA\Server\crl
Still I am facing a problem while connecting.
Is it possible to do this? Is there any other process to achieve the goal?
Please guide me.
I found one workaround for it.
I have created a CA and imported it into the Trusted Client.
I have created a certificate and private key with the same CA certificate, which I imported into Trust Client.
Used the .der and .pem files in the OPC UA Client.
Client (UaExpert) got connected with the server with Basic256Sha256 without trusting the client certificate.
I generated another set of certificate and key for another client (SiOME) with the help of the same CA.
SiOME also got connected. In this case too, the server does not need to trust the client certificate.
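An added sketch of the CA-based setup described in this thread, not code from any poster or from PTC: it assumes OpenSSL as the CA tool (the thread does not name one), and every name, URI and lifetime is constructed. It issues per-client certificates from one CA and shows that, once the CA itself is trusted, a CRL entry is what blocks a single client.

```shell
#!/bin/sh
# Constructed demo PKI; every name, URI and lifetime below is an assumption.
pki_init() {  # $1 = empty working directory
  d=$1; mkdir -p "$d" && : > "$d/index.txt" || return 1
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
EOF
  # The CA certificate is the only entry the server's trust list needs.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo OPC UA CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  pki_crl "$d"
}
pki_crl() {  # (re)issue the CRL that client certificates are checked against
  openssl ca -config "$1/ca.cnf" -keyfile "$1/ca.key" -cert "$1/ca.pem" \
    -gencrl -out "$1/ca.crl" 2>/dev/null
}
pki_issue() {  # $1 = dir, $2 = client name, $3 = OPC UA application URI
  printf 'subjectAltName=URI:%s\nkeyUsage=critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment\nextendedKeyUsage=clientAuth\n' \
    "$3" > "$1/$2.ext"
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null &&
  openssl x509 -in "$1/$2.pem" -outform DER -out "$1/$2.der"
}
pki_revoke() {  # the per-client off switch once trust is granted at CA level
  openssl ca -config "$1/ca.cnf" -keyfile "$1/ca.key" -cert "$1/ca.pem" \
    -revoke "$1/$2.pem" 2>/dev/null && pki_crl "$1"
}
pki_check() {  # succeeds only for an unrevoked certificate that chains to the CA
  openssl verify -CAfile "$1/ca.pem" -CRLfile "$1/ca.crl" -crl_check \
    "$1/$2.pem" >/dev/null 2>&1
}
```

In terms of the thread's steps, `ca.pem` is the CA certificate placed in the trusted list, `ca.crl` is the file for the CRL folder, and each client receives its own `.der` certificate and `.key` private key.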
Hello,
I hope this email finds you well.
Thank you for reaching out regarding the addition of a certificate. Kindly refer to the article provided in the link below for detailed instructions on how to proceed:
https://www.ptc.com/en/support/article/CS324697
Should you require any further assistance or clarification, please do not hesitate to contact me.
Thank you for your attention to this matter.
Regards,
Mohit
Can KEPSERVEREX run a Windows service in the interactive mode, or can KEPSERVER use the ODBC client to generate tags in a Windows service as runtime?
Please help me, thanks a lot.
Hello,
Yes sir, Kepserverex can be run in interactive mode.
Please find the articles below for an explanation of interactive mode.
https://www.ptc.com/en/support/article/CS313312
https://www.ptc.com/en/support/article/CS315672
https://www.ptc.com/en/support/article/CS407759
Should you require any further assistance or clarification, please do not hesitate to contact me.
Thank you for your attention to this matter.
Regards,
Mohit
I am very new to security policies and have limited knowledge around this.
In my current requirement, I have 1 OPC UA Server (Kepserver) and multiple clients.
The system administrator does not want to trust each client each time.
He needs some solution where all clients automatically get connected without trusting.
What I understand after researching:
1. We can achieve the same if the server certificate and all client certificates are signed by a common CA.
2. If the CA is already trusted on the OPC UA Server.
3. By using some GDS Push Pull Server. (PKI)
I am not able to find anything on the web on how to perform this specifically with Kepserver.
I need to do some PoC to test this functionality (with Kepserver and UA Expert and some other OPC UA client). Need your support on this.
Hello,
I am glad you were able to achieve the needed output.
Regards,
Mohit