For OPC UA Client SDK 2.5.4, on computer name change the client certificates need to be recreated as they become invalid. Why? Is it documented anywhere?

In version 2.0, on computer name change the client certificates were not affected and hence there was no need to recreate them. Using a .NET 4.5 and C# 6 supported application.

Rekshino
Ritesh Kumar
  • You should identify the SDK better. Who is the author/vendor of that SDK? – ZbynekZ Jun 06 '18 at 10:35
  • @ZbynekZ I am very new to the OPC domain, I am unable to correlate to your question. Currently I am using UnifiedAutomation.UaBase dll and UnifiedAutomation.UaClient.dll. – Ritesh Kumar Jun 06 '18 at 11:02
  • Yes, that is what was missing here. Unified Automation is one of the several/many SDKs available for OPC. So, when asking for help, identifying the SDK is important. – ZbynekZ Jun 06 '18 at 11:47
  • @ZbynekZ Ok, now you can help? – Ritesh Kumar Jun 06 '18 at 12:52
  • The client probably creates a new certificate when the name of the computer changes and uses that name as the common name of the certificate; that helps the server administrator to recognize to which client the certificate corresponds. I see it as something normal, people do not change the name of the computer frequently. – from56 Jun 06 '18 at 20:57
  • @felisart I understand that this is normal, but this behaviour was not there in the previous version... To support the current version I need to update my application, for which I need to justify my change... This is possible only if I can show them any documentation from the OPC UA provider itself... I have requested them... In the meanwhile I am checking here, as I might have missed reading that point in their documentation... What I need is a proof that this is normal... – Ritesh Kumar Jun 07 '18 at 04:05
  • @ZbynekZ I have created a tag [unified-automation-sdk](https://stackoverflow.com/questions/tagged/unified-automation-sdk), so it can be used to organize the questions. – Rekshino Jun 12 '18 at 15:43

1 Answer

In the version 2.1.0 change log there is the line

  • Replaces DC=localhost in ApplicationCertificate SubjectNames with DC=<computername>

So a certificate with localhost in its SubjectName cannot be found, because certificates with <computername> are searched.

After version 2.1.0 we need to recreate the client certificate as well, along with the server certificates, on computer name change.

Ritesh Kumar
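
A check along the lines of the answer above, as an added example that is not part of the original post or of the Unified Automation SDK: it reads the DC= component of a certificate subject and compares it with the current computer name, so certificates that still carry DC=localhost or an old name can be identified after a rename. The class name, the sample subjects and `NEW-PC` are constructed, and which name the SDK substitutes for `<computername>` (for example `Environment.MachineName`) is an assumption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class SubjectDcCheck
{
    public enum DcStatus { MatchesComputerName, Localhost, OtherName, NoDc }

    // Extracts the DC= values; Decode emits one RDN per line with UseNewLines.
    static string[] DomainComponents(X500DistinguishedName dn)
    {
        return dn.Decode(X500DistinguishedNameFlags.UseNewLines)
                 .Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
                 .Select(rdn => rdn.Trim())
                 .Where(rdn => rdn.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
                 .Select(rdn => rdn.Substring(3))
                 .ToArray();
    }

    // Host names are compared case-insensitively.
    public static DcStatus Classify(X500DistinguishedName dn, string computerName)
    {
        var dcs = DomainComponents(dn);
        if (dcs.Length == 0) return DcStatus.NoDc;
        if (dcs.Any(dc => dc.Equals(computerName, StringComparison.OrdinalIgnoreCase)))
            return DcStatus.MatchesComputerName;
        if (dcs.Any(dc => dc.Equals("localhost", StringComparison.OrdinalIgnoreCase)))
            return DcStatus.Localhost;   // subject as written before 2.1.0
        return DcStatus.OtherName;       // e.g. the name before a rename
    }

    static void Main()
    {
        // Constructed sample subjects; for a real certificate pass cert.SubjectName.
        var subjects = new[]
        {
            "CN=SampleUaClient, O=Example, DC=localhost",
            "CN=SampleUaClient, O=Example, DC=OLD-PC",
            "CN=SampleUaClient, O=Example, DC=NEW-PC",
        };
        string computerName = "NEW-PC"; // constructed; assumption: Environment.MachineName

        foreach (var s in subjects)
        {
            var status = Classify(new X500DistinguishedName(s), computerName);
            Console.WriteLine($"{s} -> {status}");
        }
    }
}
```

Any subject classified as `Localhost` or `OtherName` is one that a lookup for DC=<computername> would not find, which is the case the answer describes.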