The OPC UA server for zenon logic and in the process gateway should no longer check the certificate with security mode none

The OPC UA server for zenon logic and in the process gateway should no longer check the certificate with security mode none

Summary

Since OPC UA specification 1.02 an OPC UA client is no longer required to send its application instance certificate when MessageMode Security "None" is used by the client. Also an OPC UA server is no longer required to send its certificate when a client requests MessageMode security "None"

Description

Since OPC UA specification 1.02 an OPC UA client is no longer required to send its application instance certificate when MessageMode Security "None" is used by the client. Also an OPC UA server is no longer required to send its certificate when a client requests MessageMode security "None"

Solution

The OPC UA server in the process gateway and the zenon logic OPC UA server have changed in a way that when a client uses MessageMode Security "None", the server no longer sends its own application instance certificate.   Also the OPC UA server in the process gateway and the zenon logic OPC UA server no longer check application instance certificates when message mode security is None, effectively granting access to any OPC UA client that connects.   The option "trust all client certificates" in the configuration of the process gateway for the OPC UA server therefore is void.    

Issue Number: 33280
Fixed on Date: 13.11.2016
Versions: 7.60 0 BUILD 36068
    • Related Articles

    • zenon Changesets Excel

      Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in CSV format ...
    • zenon Changesets CSV

      Here, you can access a comprehensive list of changes across all maintained versions of the zenon Software Platform as Excel Worksheets. This includes both implemented bug-fixes and new features. Additionally, these lists are available in as Excel ...
    • OPC-UA Server: DNS Name used in certificate created by zenon.

      The creation of the DNS name in the OPC-UA Server certificate may vary depending on the zenon build and if the machine is within a Workgroup or is part of a Domain. This information can be verified in the certificate, the certificates files (*.der) ...
    • FAQ: How can I browse an OPC UA Server using the zenon OPC UA Client Driver?

      Go to Drivers > New Driver Create a Driver of Type "OPC UA Client Driver" Open the Driver Configuration Go to "Connections" Create a new Connection Enter your Discovery URL Enter your Server URL manually or click the 3 dots to browse the Discovery ...
    • The OPC UA server in the process gateway does not correctly check the certificate revocation lists.

      Summary When using a CA signed certificate for a OPC UA client, it is possible to place the CA root and any intermediate CA signing certificates, in the certificate trust list folder for the OPC UA process gateway. When using CA signed certificates, ...