
OPC UA Certificate issue

edited August 2023 in PLCnext Engineer

I created a certificate for PLCnext and am trying to get a connection for OPC UA IIoT in Node-Red. I tried 1024 and 2048 certificates, but the connection is still rejected by the server.

C:\Users\jerma\.node-red\node_modules\node-red-contrib-iiot-opcua\certificates\client_selfsigned_cert_2048.pem


C:\Users\jerma\.node-red\node_modules\node-red-contrib-iiot-opcua\certificates\PKI\private\private_key.pem

or

C:\Users\jerma\.node-red\node_modules\node-red-contrib-iiot-opcua\certificates\client_selfsigned_cert_1024.pem

C:\Users\jerma\.node-red\node_modules\node-red-contrib-iiot-opcua\certificates\PKI\private\private_key.pem


I used these commands to create them:

openssl req -newkey rsa:1024 -nodes -keyout private_key.pem -x509 -out client_selfsigned_cert_1024.pem


and

openssl req -newkey rsa:2048 -nodes -keyout private_key.pem -x509 -out client_selfsigned_cert_2048.pem

Comments

  • I tried to use xce as well, but I still got the error [NODE-OPCUA-W14].


  • I tried putting it as self-signed in the trusted store, without (trusted store), in (identity store), and changing the PLC from “Self signed by controller” to “File on controller”. I tried different approaches and different ways: rebooting PLCnext, and programs for creating the certificate (copy from PLCnext / XCA program / Git Bash).

  • Maybe you should ask in the PLCnext Technology & Controls forum and not in the forum for the IDE.

  • You seem to be trying to make changes to the OPC UA Server certificate in the PLCnext Control device. That should not be necessary in order for an OPC UA Client to connect to the server. For example, UaExpert is an OPC UA Client that can connect to the OPC UA Server in a PLCnext Control device without any problems. Other OPC UA clients, like Node-Red, should be the same.

    This seems to be an issue with the Node-Red OPC UA client, which someone in this Community might be able to help with. Or, perhaps there is a Node-Red forum somewhere that also might be able to help. But getting Node-Red connected to the OPC UA Server in a PLCnext Control device should not require any changes to the OPC UA server certificate.

  • I agree with you, Martin, and there is one problem: everything works, all OPC clients and servers, when I remove all security. Afterwards I want to make PLCnext more secure, and after enabling security PLCnext requires a certificate as server-only certificate which is self-signed only under UaExpert, but there is no other option for different clients, so you have to create it yourself, where in the instructions on the website it is only 1024 bit, where most clients/servers use 2048 bit. Of course, I will ask on other websites, but the server refuses to connect me, not the client.

  • after enabling security PLCnext requires a certificate as server-only certificate which is self-signed only under UaExpert, but there is no other option for different clients, so you have to create it yourself

    No, that's not true. The self-signed certificate in the PLCnext Control device is not only for UaExpert, and it should work with all OPC UA Clients. You do not have to create a new OPC UA Server certificate for different OPC UA Clients. I haven't used the OPC UA Client in Node-Red myself, but I know that others have managed to make the connection to the OPC UA Server in a PLCnext Control device, with security enabled, without having to create a custom server certificate.

  • I don't know what I'm doing wrong, because I tried with the default certificate.

  • I'm still waiting for a test SD card to install Node-Red on PLCnext; I heard it works much better installed on PLCnext than controlling from a computer or other device.
