View Issue Details

ID: 0004834
Project: Compliance Test Tool (CTT) Unified Architecture
Category: 1 - Script Issue
View Status: public
Last Update: 2019-08-16 15:51
Reporter: Camille Guérin
Assigned To: Paul Hunkar
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Summary: 0004834: Security/Security Certificate Validation/047.js fails (same as 0004694)
Description

Issue 0004694 is still there in 1.3.341.389

"The project has the setting DisableCertificateRevocationUnknown enabled.
And the server does not use CRLs.

But nevertheless the script fails with
Error: DisableCertificateRevocationOverride is set in the CTT Settings but the server rejected the connection.
Make sure that the server is configured to suppress errors caused by unavailable revocation list and update the CTT settings
or the server configuration.
See OPC UA Spec Part 4 Table 104 for more informations."

ctt_ca1I_appUR.der is signed by ctt_ca1T.der.
But ctt_ca1T.der is in the list of certificates to have in the Trusted List of the Server.

The connection is then granted, since the Server does not support CRLs.

Tags: No tags attached.
Files Affected

Activities

Camille Guérin

2019-07-16 15:14

reporter   ~0010491

Same for Security/Security Certificate Validation/045.js.
It fails when the Server does not support CRLs.

Paul Hunkar

2019-07-18 12:45

administrator   ~0010508

All servers are required to support CRLs.
The setting you are pointing to is to allow a user to temporarily disable CRL checking - i.e. most CRLs are on-line and if the on-line check fails, you don't want all connections to fail, so the CRL check can be disabled. This does not imply that a server cannot support CRL checking.

In test 47, the certificate is not trusted and the CA is an issuer certificate, not a trusted certificate - so the CRL should not even come into the discussion. Note: this was fixed back in April and the 1.3.341.389 release has the fix.

Are you running a new project (with new certificates) or using an older project that has old scripts?
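
Added example (not part of the issue thread, and not CTT or server code): a simplified JavaScript model of the validation order the note above relies on, where the trust list check runs before the revocation check, so suppressing "revocation unknown" cannot make an untrusted chain acceptable. The function, option and file names are hypothetical and the stores are constructed; the returned strings are OPC UA status code names.

```javascript
// Simplified model of the validation order (added example; all names are hypothetical).
// chain: certificate names, leaf first, root CA last.
// store: { trusted: Set, issuers: Set, crls: Map(caName -> Set of revoked names) }
function validateChain(chain, store, opts = {}) {
  // 1. Chain building: every CA must be present in the trusted or issuers list.
  for (const ca of chain.slice(1)) {
    if (!store.trusted.has(ca) && !store.issuers.has(ca)) {
      return "Bad_CertificateChainIncomplete";
    }
  }
  // 2. Trust list check: at least one certificate in the chain must be trusted.
  //    A CA that is only in the issuers list completes the chain but grants no trust.
  if (!chain.some((c) => store.trusted.has(c))) {
    return "Bad_CertificateUntrusted";
  }
  // 3. Revocation check, reached only for chains that passed the trust check.
  for (let i = 1; i < chain.length; i++) {
    const leafLevel = i === 1; // chain[1]'s CRL covers the leaf, chain[0]
    const crl = store.crls.get(chain[i]);
    if (!crl) {
      // Missing CRL: the only error the suppression option may hide.
      if (opts.suppressRevocationUnknown) continue;
      return leafLevel ? "Bad_CertificateRevocationUnknown"
                       : "Bad_CertificateIssuerRevocationUnknown";
    }
    if (crl.has(chain[i - 1])) {
      return leafLevel ? "Bad_CertificateRevoked" : "Bad_CertificateIssuerRevoked";
    }
  }
  return "Good";
}

// Constructed sample stores: the same CA placed in different lists, no CRL available.
const chain = ["app.der", "ca.der"];
const caIssuerOnly = { trusted: new Set(), issuers: new Set(["ca.der"]), crls: new Map() };
const caTrusted = { trusted: new Set(["ca.der"]), issuers: new Set(), crls: new Map() };
const suppress = { suppressRevocationUnknown: true };

console.log(validateChain(chain, caIssuerOnly, suppress)); // CA is issuer only
console.log(validateChain(chain, caTrusted, {}));          // CA trusted, CRL missing
console.log(validateChain(chain, caTrusted, suppress));    // CA trusted, error suppressed
```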

Paul Hunkar

2019-08-12 04:59

administrator   ~0010771

No additional feedback - misunderstanding of test

Paul Hunkar

2019-08-16 15:51

administrator   ~0010789

Review in CMP call

Issue History

Date Modified Username Field Change
2019-07-16 15:12 Camille Guérin New Issue
2019-07-16 15:14 Camille Guérin Note Added: 0010491
2019-07-18 12:45 Paul Hunkar Assigned To => Paul Hunkar
2019-07-18 12:45 Paul Hunkar Status new => feedback
2019-07-18 12:45 Paul Hunkar Note Added: 0010508
2019-08-12 04:59 Paul Hunkar Status feedback => resolved
2019-08-12 04:59 Paul Hunkar Resolution open => no change required
2019-08-12 04:59 Paul Hunkar Note Added: 0010771
2019-08-16 15:51 Paul Hunkar Status resolved => closed
2019-08-16 15:51 Paul Hunkar Note Added: 0010789