Certificate doesn't meet minimum key length requirement

OPCFoundation / UA-.NETStandard

OPC Unified Architecture .NET Standard

Other

1.97k stars 950 forks source link

Certificate doesn't meet minimum key length requirement #305

Closed cxd110 closed 6 years ago

cxd110 commented 6 years ago

I connect the OPC UA SERVER of GE CPE400, and the error is: Certificate doesn't meet minimum key length requirement, where is the problem?

mregen commented 6 years ago

@cxd110 Sha1 signed certs and 1k key length are by default deprecated. Add the following lines to your <SecurityConfiguration> to bypass the security check:

    <!-- WARNING: SHA1 signed certficates are by default rejected and should be phased out.-->
    <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
    <MinimumCertificateKeySize>1024</MinimumCertificateKeySize>

cxd110 commented 6 years ago

According to your hint, I solved my problem thanks！

nhattran2108 commented 4 years ago

@mregen Hi sir, I have same problem with 2 libraries Opc.Ua.Core and Opc.Ua.Client. I have added 2 libraries to my project with asp web form. But I don't know which file need the code to bypass the security check like you said.

AlinMoldovean commented 4 years ago

@torikachi24 ,

You should set the RejectSHA1SignedCertificatesflag to false in ApplicationConfiguration if you do not load it from an XML configuration file:

// load the application configuration.
application.LoadApplicationConfiguration(false).Wait();
application.ApplicationConfiguration.SecurityConfiguration.RejectSHA1SignedCertificates = false;