0008052: CTT client can not connect to device under test if server uses cert chain and sends complete chain.

ID	Project	Category	View Status	Date Submitted	Last Update

0008052	Compliance Test Tool (CTT) Unified Architecture	2 - CTT Binary	public	2022-06-16 09:42	2022-08-29 18:29

Reporter	Martin Regen	Assigned To	Alexander Allmendinger
Priority	normal	Severity	minor	Reproducibility	always
Status	assigned	Resolution	open
Product Version	1.04.09.401

Summary	0008052: CTT client can not connect to device under test if server uses cert chain and sends complete chain.
Description	The ref server uses a cert chain and has <SendCertificateChain>true</SendCertificateChain> set in the config. The CTT client uses a different thumbprint to connect than the leaf certificate thumbprint on the server, so the ref server bails out with 'BadsecurityChecksFailed'. Maybe there is still some catch in the ref server cert chain handling, it has not been widely used.
Steps To Reproduce	Start ref server from https://github.com/OPCFoundation/UA-.NETStandard/tree/master/Applications/ConsoleReferenceServer. Update server certificate with a chained application cert, e.g. by using server push. Change config setting to set: <SendCertificateChain>true</SendCertificateChain> CTT client fails to connect.
Tags	No tags attached.

Files Affected

Date Modified	Username	Field	Change
2022-06-16 09:42	Martin Regen	New Issue
2022-08-04 15:06	Paul Hunkar	Assigned To	=> Alexander Allmendinger
2022-08-04 15:06	Paul Hunkar	Status	new => assigned
2022-08-29 18:29	Paul Hunkar	Category	5 - General Problem => 2 - CTT Binary