Trusting Applications built from other Frameworks

In this tutorial we will consider an application that is not built upon the OPC Foundation UA .NET API. Applications built upon a C++ or Java SDK, for example, fall under this category.

Identifying the Tools Available

Different applications from different vendors may approach this differently. This tutorial, while not specific to any one product, provides general guidelines to help establish trust.

Some applications may provide you with a GUI for easy configuration, whereas others might rely upon standard tools such as the Microsoft Management Console (MMC) or work with the file system directly, for example through Windows Explorer.

Trusting Applications via Failed Initial Connection Attempt (easier)

In this tutorial we will follow how to enable a Server (based on UA .NET API) to trust a Client (other framework), and for a Client (other framework) to trust a Server (based on UA .NET API).

Server (UA .NET API) trusts a Client (other framework)

Client (UA .NET API) trusts a Server (other framework)

The following steps outline how you might configure your UA Server (built on the UA .NET API) to trust a Client that is based on a different framework.

  1. Make a secure connection between the Client and Server, expecting the connection to fail.

  2. Launch the Configuration Tool, then activate the Manage Security tab, and then click the "Select Certificate to Trust..." button.

  3. Change the "Store Path" to show the "RejectedCertificates".

  4. Select the desired application from the list and click the "OK" button.

  5. You will see a message that the certificate is now trusted. However, the certificate is also still present in the "RejectedCertificates" store, so it is still treated as not trusted.

  6. Repeat steps 2 and 3 (above) and this time you will select the application by right-clicking on it and choosing "Delete" from the context-menu; you will need to confirm the request.

  7. Click the "Cancel" button to close the "Manage Certificates in Certificate Store" dialog.

  8. Minimize the Configuration Tool.

  9. Try to establish a secure connection from Client to the Server.

  10. This time you may be prompted to trust the Server's certificate; do trust the Server's certificate!
    Please refer to the Client's documentation for product-specific instructions.

The following steps outline how you might configure your UA Client (built on the UA .NET API) to trust a Server that is based on a different framework.

  1. Make a secure connection between the Client and Server, expecting the connection to fail.

  2. The Server should reject the Client's certificate because it is not yet trusted.
    Please refer to the Server's product-specific documentation for trusting a Client certificate.

  3. Once the Server has been configured to trust the Client's certificate then you should attempt to make another secure connection.

  4. The Client might prompt you to automatically trust the Server's certificate; if so then do trust the Server's certificate.

  5. If the Client rejects the certificate then you can launch the Configuration Tool, then activate the Manage Security tab, and then click the "Select Certificate to Trust..." button.

  6. Change the "Store Path" to show the "RejectedCertificates". Select the desired application from the list and click the "OK" button.

  7. Repeat the last step except you will delete the certificate from the RejectedCertificates repository.

  8. Try to establish a secure connection from Client to the Server.
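
The trust-then-delete sequence that both procedures perform on the RejectedCertificates store, as an added example (not code from the UA .NET API or the Configuration Tool): it moves a rejected certificate into the trusted store only when its SHA-1 thumbprint matches a value obtained from the peer's administrator. It assumes both stores are plain directories of DER-encoded `.der` files; the directory paths, function names and sample bytes are constructed for illustration.

```python
"""Trust a rejected OPC UA application certificate only after a thumbprint check."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def thumbprint(der_bytes: bytes) -> str:
    # Certificate thumbprint: SHA-1 over the DER encoding, upper-case hex.
    return hashlib.sha1(der_bytes).hexdigest().upper()


def normalise(text: str) -> str:
    # Accept "ab:cd ef" style input as copied from a dialog or an e-mail.
    return "".join(c for c in text if c.isalnum()).upper()


def list_rejected(rejected_dir: Path) -> dict:
    # Map thumbprint -> file for every .der file in the rejected store.
    return {thumbprint(p.read_bytes()): p for p in sorted(rejected_dir.glob("*.der"))}


def trust_rejected(rejected_dir: Path, trusted_dir: Path, expected: str) -> Path:
    """Move the rejected certificate whose thumbprint matches `expected`."""
    match = list_rejected(rejected_dir).get(normalise(expected))
    if match is None:
        # Nothing is trusted unless the out-of-band thumbprint matches.
        raise LookupError("no rejected certificate has the expected thumbprint")
    trusted_dir.mkdir(parents=True, exist_ok=True)
    target = trusted_dir / match.name
    shutil.copy2(match, target)  # first procedure, step 4: trust the certificate
    match.unlink()               # first procedure, step 6: delete the rejected copy
    return target


def demo() -> list:
    # Constructed sample data: placeholder bytes stand in for DER certificates.
    with tempfile.TemporaryDirectory() as tmp:
        rejected, trusted = Path(tmp, "rejected"), Path(tmp, "trusted")
        rejected.mkdir()
        (rejected / "expected-client.der").write_bytes(b"constructed cert A")
        (rejected / "unknown-client.der").write_bytes(b"constructed cert B")
        wanted = thumbprint(b"constructed cert A")  # normally obtained out of band
        trust_rejected(rejected, trusted, wanted.lower())
        return sorted(p.relative_to(tmp).as_posix() for p in Path(tmp).rglob("*.der"))


if __name__ == "__main__":
    print(demo())
```

Any certificate left in the rejected directory after the run came from a peer whose thumbprint was not confirmed and should be reviewed rather than trusted.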
