Untrusted Certificate with OPC UA PLCs Communication Issues
As we attempt to set up OPC UA communication between the two PLCnext controllers, we are working to better understand the BadCertificateUntrusted error we have been receiving.
Findings:
All connection attempts via UaExpert to the PLC are successful when we set "Use the truststore for client authentication" to off and "Check URI against client certificate" to off. With the above-mentioned settings turned off, the PLC was able to communicate with our computer using UaExpert. However, the PLCs still end up not trusting one another's certificates. There is a slight time variation across the PLCs, and we previously thought this was our issue, but upon further investigation we do not believe it is.
When we try to make the connection, we would see the following errors popping up:
Getting endpoints:
ConnectionId='14', EndpointUrl='opc.tcp://IP', Status='BadCommunicationError'
Connecting session:
ConnectionId='10', EndpointUrl='opc.tcp://IP', Service='Validating server certificate', Status='BadCertificateUntrusted'
Questions:
Is it possible to allow the PLCs to trust each other’s certificates mutually without turning off truststore client authentication?
We have followed all steps in the 'How to configure OPC UA' guide. What troubleshooting steps should we take next?
Are there further configurations or parameters in PLCnext or OPC UA parameters that we have to verify?
Your tips and suggestions towards troubleshooting would be greatly appreciated!