Usage of CA certificate for secure channel
42 views
Skip to first unread message
Sangamesh hugar
Mar 26, 2025, 5:59:42 AMMar 26
to open62541
Hi Team,
I am using open62541 SDK to create OPCUA Server,
for creating secure channel i am using sign and encrypt with security policy Basic256sha256 when i tried to connect client using CA certificate for mutual authentication there i am getting UA_STATUSCODE_BADCERTIFICATEUSENOTALLOWED.
for creating secure channel i am using sign and encrypt with security policy Basic256sha256 when i tried to connect client using CA certificate for mutual authentication there i am getting UA_STATUSCODE_BADCERTIFICATEUSENOTALLOWED.
i want confirm that whether SDK supports CA certificate or not?
Regards,
Sangamesh
Julius Pfrommer
Apr 2, 2025, 5:42:42 AMApr 2
to open62541
The SDK supports CA certificates.
But it needs to have the required bits to act as a CA.
And the CA certificate cannot be the end-user certificate.
You could start with a self-signed certificate with the script in /tools/certs and take it from there.
For the exact steps to verify a certificate, see the OPC UA specification, Part 6, 6.1.3 Determining if a Certificate is trusted.
Our implementation for OpenSSL is here:
Regards, Julius
Reply all
Reply to author
Forward
0 new messages