Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[milo-dev] OPC UA security: Server certificates
  • From: Olivier Guillet <Olivier.Guillet@xxxxx>
  • Date: Mon, 16 Nov 2020 21:02:01 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=if.de; dmarc=pass action=none header.from=if.de; dkim=pass header.d=if.de; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UjhgxUQZvXMcl+zDgPlCUkQEbEwdYNbelwsEfZG/lSY=; b=TmR623QQaq9y1GnC8ng+8Ejz1NDQemcE52HrRbcFqS6qaM6EsJd/JjtRjnldIJDGpHK3r/TkqU9adK01UJMSw6hH+JnWhjIizADj4ixf7XINFXguQxgtF8nzM+cJYrNcE+izz5YHPbbi4UISylcONycY9r41pN/SflWSzgUyXvXDtPJaqT/ZeswK+RCq0CHwltp4N3bpUt0rrB6R6b7MZRdi6NnYcHpCMgCLnuz/MaOn6ol8yH+x+BLgwDcR/WRDIOOXtZY1YVuSCKe4jH3s9gRZa4qHJIPYV/IdxaBAtT2G5VMSNjlSFXoLxg6623GxcoCCG2oxbjuEcjPJg+BuqQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vrx8JvFvnYm3eilwy5JsyxQC0X9dVADCX0yrWuD6knRIOWtVDBes4SNhfIsp3Yar65SieiKcYtcAoWwfHcPB1QQtOvO8yVAvdfQaRr9Ws+CXLKK6LMQYmpJ5yn2vAWzDPc8DsmA9hm0Ifx5N/w6JIzCj5JGTneWhZsEs2t1OBjWO6jQ+uMrkKxKE5VnCmt20x3qRLVjk7jfdKsMvfGZS5PqZQ2Uo/5Hou8CcQzQZh0U3HeEk5pwMmDpqGxuq60UJAmZiMegTACimVngVCGlzSKAB5fvGZaBNavS+b4s30SFA6yMBDACh+J0UdWQAjXufo/s2mpomS+n7atmDoVrXPQ==
  • Delivered-to: milo-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/milo-dev>
  • List-help: <mailto:milo-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHWvFu6vMTYZk5bBES70ryau8L5uw==
  • Thread-topic: OPC UA security: Server certificates
  • User-agent: Microsoft-MacOutlook/16.43.20110804

Hello,

 

we’re in the process of adding OPC UA security options in our milo based opc ua software and some areas still remain unclear (as probably some of my questions):

 

  • Is the (opc ua) client supposed to validate and trust (or ask the user to trust) the server certificate? Server certificates can be loaded from the selected endpoints, but should they be checked (for instance whether they expired) and trusted by the client? If yes, does Milo support certificate validation?
  • Should the client check at each connection whether server certificates changed and validate (and trust) them again?

 

Thanks in advance!

 

Kind regards

Olivier

 

Back to the top