View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000863610000-012: DiscoverySpecpublic2023-01-20 17:052023-04-18 15:30
ReporterMartin Regen Assigned ToRandy Armstrong  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Product Version1.05.03 
Summary0008636: A GDS must put its CA certificates in the Issuer store, or IOP issues may occur
Description

see discussion here: https://github.com/OPCFoundation/UA-.NETStandard/issues/2020

After updating the app cert with a signed cert of of the GDS, the GDS does not AutoAccept the connection, because of the BadCertificateChaininvalid error.
The GDS did not know its own CA issuer certs.

Fix:
I) Solution in .NET stack is to set SendCertificateChain=true
ii) in GDS copy CA certs to Issuer store to complete the chain

comment Randy:

The GDS should have a knowledge of all CAs its uses to issue Certificates.
If it rejects a certificate it just issued then the GDS is broken (it only needs to be in the issuer store – the CA does not need to be trusted, just known).

I agree this needs a mantis issue in Part 12.
It can be a mandatory requirement since it results in really annoying IOP problems.

Regards,
Randy

TagsNo tags attached.
Commit Version
Fix Due Date

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2023-01-20 17:05 Martin Regen New Issue
2023-01-20 17:06 Martin Regen Description Updated
2023-01-20 17:09 Martin Regen Description Updated
2023-01-20 17:10 Martin Regen Description Updated
2023-04-18 15:28 Jim Luth Assigned To => Randy Armstrong
2023-04-18 15:28 Jim Luth Status new => assigned