Skip to content
Ask A Question
  • There are no suggestions because the search field is empty.

OPC Data Client - OPC UA Self-Signed Certificate Not Trusted

This is not an issue with the OPC UA Client trusting the OPC UA Server certificate, but rather the OPC UA Client's certificate being in the correct Certificate Store on your PC.

When attempting to connect to an OPC UA Server from my custom OPC UA Client made with the OPC Data Client toolkit, I am met with the following error:

OPC-UA service result - Self Signed Certificate is not trusted.
IssuerName: CN=EasyOPC-UA Demo, DC=kubernetes.docker.internal = BadCertificateUntrusted.
---- SERVICE RESULT ----
Status Code: {BadCertificateUntrusted} = 0x801A0000 (2149187584)
-=-=-Description: Self Signed Certificate is not trusted.
IssuerName: CN=EasyOPC-UA Demo, DC=kubernetes.docker.internal
Additional Info:

My OPC UA Server certificate is trusted by my OPC UA Client, so why am I seeing this error?

The code used in the OPC Data Client from the OPC Foundation requires the Client application certificate to be present in the Trusted Peers Certificate Store, which in this case is %CommonApplicationData%\OPC Foundation\CertificateStores\UA Applications. Please follow the instructions below to resolve this error:
  1. Find the UA Configuration Tool (Opc.Ua.ConfigurationTool.exe in C:\Program Files (x86)\Software Toolbox OPC Data Client 2020.3\Bonus\Opc.Ua.ConfigurationTool) and run as administrator. If the UA Configuration Tool is not installed, see the note at the bottom of this entry.
  2. Go to the Manage Certificates tab.
  3. Choose %CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault from the Store Path drop-down menu.
  4. Click View Certificates and find the certificate for your OPC UA Client Application.
  5. Right-click on your certificate and choose Copy.
  6. Click OK and return to Manage Certificates tab.
  7. Choose %CommonApplicationData%\OPC Foundation\CertificateStores\UA Applications from the Store Path dop-down menu.
  8. Click View Certificates.
  9. Right-click where the certificates are listed and choose Paste.
  10. The application certificate should now be in the UA Applications directory.
  11. The private key should NOT be copied over. Please go to C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\private and confirm that it is not there.
  

NOTE: If this on a deployment machine and you used the Production Installer, the UA Configuration Tool will not be installed. Instead, you may download that separately here: UA Configuration Tool Download

If installing it this way, the UA Configuration Tool will instead be found in: C:\Program Files (x86)\UA Configuration Tool 1.03 or C:\Program Files\UA Configuration Tool 1.03, depending on the Operating System.
 
If you have any further issues, please email support@softwaretoolbox.com or submit a support ticket.