We do have this functionality. Thing is - the self-signed cert is
generated each time the user does not provide one and a connection is
made. [1]
Most OPC UA servers will retain attempted client certificates in a
"rejected" directory, but even if you move it to trusted, the next
connection made by plc4x will ship another certificate. So the only
way is to store the client certificate on our end and keep using it.
Doing it on behalf of the user (storing the cert somewhere) is doable, but opens
us up to another set of troubles, like expiry of the certificate.
Best,
Łukasz
[1] https://github.com/apache/plc4x/blob/v0.12.0/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/OpcuaDriverContext.java#L83
On 30.10.2024 09:25, Christofer Dutz wrote:
Hi all,
I followed the trouble in the OPC-UA driver with the certificates … in a
different part of my work I’m dealing with a similar problem.
As I know that creating a self-signed certificate, even with your
documentation, will still probably scare 80% of OT-folks out there, possibly
what I have been working on would also be interesting for us here?
In my experiment I’m using the bouncy-castle libs to auto-generate self-signed
certificates in pure Java.
So how about adding such a feature to the opc-ua driver?
A feature that auto-generates a certificate that fits for communicating with
the remote PLC, if none is provided.
Chris
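
The store-and-reuse approach discussed in this thread, including the expiry concern, sketched as an added example (not plc4x code and not written by either poster). The class name, keystore alias, subject name, renewal margin and validity period are assumptions, and the certificate omits the subjectAltName application URI that OPC UA servers normally check.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.time.*;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class PersistentClientCert {                             // hypothetical class name
    static final String ALIAS = "plc4x-client";                 // assumed keystore alias
    static final Duration RENEW_BEFORE = Duration.ofDays(30);   // assumed renewal margin

    /** Returns the stored client identity; generates a new one only if missing or near expiry. */
    public static KeyStore.PrivateKeyEntry loadOrCreate(Path file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        var prot = new KeyStore.PasswordProtection(pw);
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) { ks.load(in, pw); }
            if (ks.isKeyEntry(ALIAS)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(ALIAS);
                // Reuse the same certificate so a server-side "trusted" entry keeps matching.
                if (c.getNotAfter().toInstant().isAfter(Instant.now().plus(RENEW_BEFORE)))
                    return (KeyStore.PrivateKeyEntry) ks.getEntry(ALIAS, prot);
            }
        } else {
            ks.load(null, pw);                                  // start with an empty keystore
        }
        // Missing or about to expire: create a new identity and persist it.
        // The server operator has to trust the new certificate again after this.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X509Certificate cert = selfSign(kp, Duration.ofDays(365)); // assumed validity
        ks.setKeyEntry(ALIAS, kp.getPrivate(), pw, new X509Certificate[] {cert});
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
        return (KeyStore.PrivateKeyEntry) ks.getEntry(ALIAS, prot);
    }

    static X509Certificate selfSign(KeyPair kp, Duration validity) throws Exception {
        X500Name dn = new X500Name("CN=plc4x-client-example"); // constructed subject
        Instant now = Instant.now();
        var builder = new JcaX509v3CertificateBuilder(dn, new BigInteger(64, new SecureRandom()),
                Date.from(now), Date.from(now.plus(validity)), dn, kp.getPublic());
        var signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }
}
```

The keystore file holds the private key, so it should be readable only by the account running the driver.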