cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Bad Certificate Error-PCO UA Source

Go to solution
bikshu2313_94
Explorer

on ‎2023 Dec 15 10:39 AM

0 Kudos
736

Hi All,

We have PCO 15.5 and Kelpware server. I configured the PCO with server endpoint configuration on Session Tab as suggested by vendor.

And Selected the Certificate which by default available under Security Tab - Personnel folder.

But while testing the connection, it returned the Bad Certificate Error .

I have attached the error screen shot and Session Tab Configuration, pls help to resolve this issue.

endpoint.png

error-pco.png

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

steve_stubbs
Participant
‎2023 Dec 15 2:09 PM
0 Kudos

Hi Bikshapati,

In PCo, on the Security Tab of the OPC UA Source System, you should have a Certificate Storage System configured. Open the Store for Rejected Server Certificates (file based or Certificate Store Based) location, find the Cerficate from KepServerEX, and move this certificate to the Store for Trusted Server Certificates location. Restart your related Agent Instance(s) and this should resolve the issue. You may also want to check the settings in Validation Options button in the Security Tab of the OPC UA Source System to set as appropriate for your particular instance.

Also, please review the Security Guide PCo 15.5 in PCo help for more information.

Regards, Steve

Show replies
Show replies
bikshu2313_94
Explorer
‎2023 Dec 20 1:03 PM
0 Kudos

Hi a6b2097e6e1a4bc8b405b753f47aa370,

Thank you for your response.

I have moved the certificate to below folder which was generated using self signed generation wizard in PCO.

C:\ProgramData\SAP\Pco\CertificateStores\UA Applications

And did the connection test in session tab. But no luck . Getting error as certificate rejected due to ""BadCertificateHostNameInvalid"."

Additionally, I have uploaded another certificate in PCO which was download from Kepware server. But still no luck and got same error.

Do we really required to upload the certificate which I got from Kepware server. Or just self signed certificate of PCO is enough to establish communication.

I am awaiting for your response. Pls do .

Thank you,

Bikshapati.

steve_stubbs
Participant
‎2023 Dec 21 12:48 PM
0 Kudos

Hi Bikshapati,

The error you are getting "BadCertificateHostNameInvalid" means that the KepServerEX server cerficate does not have a valid host name for PCo. The way to fix this is to Open the OPCUA Source System Security Tab and click on Validation Options to show the Validation Options for Server Certificates dialog box seen below. Check the Host Name box under Suppress Validation Error section. Depending on your requirements, check the other boxes in this section, and select an appropriate option under Empty Certificates section. Click OK, save your changes, and then start an OPC UA Agent Instance to test.

Regards, Steve

Answers (0)

Ask a Question