OPC-UA Server: DNS Name used in certificate created by zenon.
The creation of the DNS name in the OPC-UA Server certificate may vary depending on the zenon build and if the machine is within a Workgroup or is part of a Domain.
This information can be verified in the certificate, the certificates files (*.der) created by zenon can be found in:
C:\ProgramData\COPA-DATA\System\PKI\CA\certs
For the zenon version 11 Build 126436 and older, the the DNS Name is created accordingly the scenarios bellow:
1st case: Local machine with added suffix or Workgroup.
DNS Name don't use FQDN, only localhost name.
2nd case: Domain machine with a Service Engine being run by a local user.
DNS name always use the FQDN.
From the zenon version 11 Build 157700 up to newer zenon versions (12, 14...) and builds the DNS Name is created accordingly the scenarios bellow:
1st case: Local machine with added suffix or Workgroup.
DNS Name created contains the FQDN.
2nd case: Domain machine with a Service Engine being run by a local user.
DNS name always use the FQDN.
In the case that there is a mismatch between the DNS Name in the certificate and the Name of the machine, causing the startup failure of the OPC-UA Server.
Eg: Workgroup machine or a machine using a suffix and a newer zenon build. do the steps bellow:
- Open the directory C:\Windows\System32\drivers\etc\;
- Open the file hosts and add an entry with the localhost IP and the same name as it is issued in the certificate.
Related Articles
FAQ: How can I browse an OPC UA Server using the zenon OPC UA Client Driver?
Go to Drivers > New Driver Create a Driver of Type "OPC UA Client Driver" Open the Driver Configuration Go to "Connections" Create a new Connection Enter your Discovery URL Enter your Server URL manually or click the 3 dots to browse the Discovery ...The application instance certificate generated by the zenon logic OPC UA server is incorrect
Summary The application instance certificate generated by the zenon logic OPC UA server on first startup is incorrect. The certificate does not include a subjectAltname field containing the application Uri and DNS name of the OPC UA server ...The OPC UA client driver creates an incorrect self-signed certificate
Summary When a new connection is created in the OPCUA32 client driver a new self signed certificate is automatically created, but the certificate does not contain a SubjectAltname as required for OPC UA application instance certificates. This may ...Checklist: OPCDA Server
Time estimate: 20 minutes Please go through all the points in the following checklist. If necessary, confirm with IT Department any information you cannot verify before contacting your local COPA-DATA Representative. Do NOT use DCOM in combination ...The OPC UA server for zenon logic and in the process gateway should no longer check the certificate with security mode none
Summary Since OPC UA specification 1.02 an OPC UA client is no longer required to send its application instance certificate when MessageMode Security "None" is used by the client. Also an OPC UA server is no longer required to send its certificate ...