I'm using Open62541 1.1 with mbedtls and allow client authentication using certificates.
This has worked fine for a couple years, but I am no longer able to generate certificates that work. I always get the following error:
Verifying the certificate failed with error: The certificate is not correctly signed by the trusted CA
info/network Connection 25 | Processing the message failed with error BadCertificateUntrusted
According to "openssl verify" the certificate presented by the client is properly signed by one of the CA certificates in the OPC UA server's trusted list.
How does one troubleshoot certificate validation failures?
Where can I find documentation on the requirements for the client authentication certificates?