OPCUA Certificate Error

David_Nolan

• 2020年07月20日 20:15

OK, so i am trying to connect to the OPC UA server using UA Expert. I have the server in certificate mode on the Ewon. i am ultimately able to connect to the server, but only if i ignore the below message:

This shows in the UA Expert logs as "The hostname or IP address in the server certificate does not match the hostname or IP address the client connected to. Since i can actually connect to the server despite the message i assume it is the certificate that might have the wrong definition? My UA Expert server connection settings are below:

Server Settings420Ã607 41.1 KB

Am i doing something wrong on either the client or server sides? is there a way i can avoid this, or suppress it?

0

• 

  Kyle Reynolds

  • 2020年07月20日 20:27

  This is because the either the hostname or IP don't match what is in the certificate. You should be able to suppress the error, but you would need to look it up in the UA Expert documentation as I'm not sure how to do it. Try looking in the Certificate Manager.

  You could also check the certificate to see what the mismatch is and change the IP address or use the correct hostname as the Endpoint Url.

  0
• 

  David_Nolan

  • 2020年07月21日 13:10

  the IP field in the certificate properties is 10.0.0.253. the actual IP address is the one shown in my above screenshot. the UA expert client actually connects and i can read data. so the certificate is just not right somehow. is there a way i can force the UA server to reconstruct/modify it to the right IP?

  

  cert1152Ã124 21.1 KB

  0
• 

  Kyle Reynolds

  • 2020年07月21日 13:21

  I believe you would need to create a new certificate. Here are some instructions from the developer forum:

  • Enable OPCUA Server in Ewon Flexy (System > Main > OPCUA

  • Declare your OPCUA connection in Ignition, with encryption. (OPC Client > OPC Connections --> Choose Sign & Encrypt, BASIC256SHA256)

  • Refresh the OPCUA Settings of Flexy and trust the Ignition certificate (Right-click and click "trust" and update)

  • Then download the Flexy OPCUA certificate on your PC
    

    

    image718Ã554 7.68 KB

  ---

  • Go to Ignition > OPCUA > Security and update it in Ignition
    
    

    image1413Ã698 11.6 KB

  ---

  • The connection should then work
    
    

    image1071Ã663 29.5 KB

  0
• 

  David_Nolan

  • 2020年07月22日 18:52

  I'm not sure we are both on the same page regarding this problem: I am not using Ignition, but rather a Unified Automation .NET library, and and was looking more for insight into how the UA server on the Ewon builds that certificate. The certificate has an IP Address property that is not associated with the IP address the device is running with. Is there a way, on the Ewon side, that I can correct this?

  For me, the problem manifests itself from UAExpert in that the discrepancy must be ignored for the connection to take place. I would like to understand more about this behavior before trying to handle it from code.

  0
• 

  Kyle Reynolds

  • 2020年07月22日 19:16

  If you delete the certificate and reboot the Ewon, it will create a new certificate with the new IP address. The certificate must have been created before the IP address was changed.

  0
• 

  David_Nolan

  • 2020年07月22日 20:29

  Thanks! You guys never let me down!

  0

请先登录再写评论。