cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X

Requirement: Trust certificate from few clients automatically

Go to solution
AK_00908976996
4-Participant
4-Participant
‎Aug 29, 2024 02:43 AM
‎Aug 29, 2024 02:43 AM

Requirement: Trust certificate from few clients automatically

Goal: I have multiple OPC UA Clients who will connect to the OPC UA Server (Kepserver). Trust every client is getting difficult. I cannot make the Security Policy to "None".

I have created a common CA. Created a server pfx file and imported in Kepserver in OPC UA Configuration Manager>Instance Certificates. 
Imported the CA.dar file in Trusted Client List.
I have created certificates and private keys for Uaexpert and signed them with the same CA.
Created CRL and pasted in C:\ProgramData\Kepware\KEPServerEX\V6\UA\Server\crl

Still I am facing problem while connecting.

AK_10962908_0-1724913658348.png

Is it possible to do this? Is there any other process to achieve the goal? 
Please guide me.

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
AK_00908976996
4-Participant
4-Participant
(To:AK_00908976996)
‎Sep 05, 2024 01:40 PM
‎Sep 05, 2024 01:40 PM

I found one way-around to it.
I have created a CA and Imported it into the Trusted Client. 
I have created Certificate and Private key with same CA certificate, which I imported into Trust Client.
Used the .der and .pem files in the OPC UA Client. 
Client (UaExpert) got connected with the server with Basic256Sha256 without trusting the client certificate. 

I generated another set of certificate and key for another client ( SiOME) with the help of same CA. 
SiOME also got connected. In this case also Server doesnot required to Trust the Client certificate. 
 

View solution in original post

0 Kudos
Notify Moderator
6 REPLIES 6
MKhatri
13-Aquamarine
13-Aquamarine
(To:AK_00908976996)
‎Aug 29, 2024 09:41 AM
‎Aug 29, 2024 09:41 AM

Hello,


I hope this email finds you well.

Thank you for reaching out regarding the addition of a certificate. Kindly refer to the article provided in the link below for detailed instructions on how to proceed:

https://www.ptc.com/en/support/article/CS324697

 

Should you require any further assistance or clarification, please do not hesitate to contact me.

Thank you for your attention to this matter.


Regards,

Mohit

Notify Moderator
RZ_11720924
3-Visitor
3-Visitor
(To:MKhatri)
‎Aug 30, 2024 03:44 AM
‎Aug 30, 2024 03:44 AM

Can KEPSERVEREX run a windows service in the interactive mode or KEPSERVER can use ODBC client generate tags in windows service as runtime?

PLS help me thanks a lot.

0 Kudos
Notify Moderator
MKhatri
13-Aquamarine
13-Aquamarine
(To:RZ_11720924)
‎Aug 30, 2024 11:26 AM
‎Aug 30, 2024 11:26 AM

Hello,

Yes sir, Kepserverex can be run into Interactive mode.
Please find below article for explanation about interactive mode.


https://www.ptc.com/en/support/article/CS313312
https://www.ptc.com/en/support/article/CS315672
https://www.ptc.com/en/support/article/CS407759

Should you require any further assistance or clarification, please do not hesitate to contact me.

Thank you for your attention to this matter.

 

Regards,

Mohit

 

Notify Moderator
AK_00908976996
4-Participant
4-Participant
(To:MKhatri)
‎Sep 02, 2024 07:32 AM
‎Sep 02, 2024 07:32 AM

I am very new to security policies and has limited knowledge around this.

In my current requirement, I have 1 OPC UA Server ( Kepserver) and Multiple clients. 
System Administrator does not want to trust each client each time. 
He needs some solution where, all clients should automatically gets connected without trusting. 

What I understand after researching 
1. We can achieve the same if The Server Certificate and all client certificates are signed by a common CA. 
2. If CA is already trusted on the OPC UA Server. 
3. By Using some GDS Push Pull Server. ( PKI )
I am not able to find anything on the web how to perform with specifically with Kepserver. 

I need to do some PoC to test this functionality (With Kepserver and UA Expert and some other OPCUA client).  Need your support on this.



Notify Moderator
AK_00908976996
4-Participant
4-Participant
(To:AK_00908976996)
‎Sep 05, 2024 01:40 PM
‎Sep 05, 2024 01:40 PM

I found one way-around to it.
I have created a CA and Imported it into the Trusted Client. 
I have created Certificate and Private key with same CA certificate, which I imported into Trust Client.
Used the .der and .pem files in the OPC UA Client. 
Client (UaExpert) got connected with the server with Basic256Sha256 without trusting the client certificate. 

I generated another set of certificate and key for another client ( SiOME) with the help of same CA. 
SiOME also got connected. In this case also Server doesnot required to Trust the Client certificate. 
 

0 Kudos
Notify Moderator
MKhatri
13-Aquamarine
13-Aquamarine
(To:AK_00908976996)
‎Sep 06, 2024 01:42 PM
‎Sep 06, 2024 01:42 PM

Hello,

I am glad you were able to achieve the needed output.  

 

Regards,

Mohit

Notify Moderator
Announcements

Contact Community Management
Top Tags