I have a .net standard sample UA server from opcua foundation running, to which I'm trying to connect from the Go client with the following security options:
This works fine with the sample server as long as i have the self signed certificate of the server copied and renamed to "server.der" in the "certs" directory for opcua.RemoteCertificateFile("./certs/server.der") to be able to load it. But when applying the same security option to connect to an actual server that has a CA signed certificate, the go client is failing to trust the server certificate which results in a "BadSecurityChecksFailed" error on the server logs
06/17/2024 12:58:46.364 TCPSERVERCHANNEL ForceChannelFault Socket=00FF2753, ChannelId=0, TokenId=0, Reason=BadSecurityChecksFailed 'Could not verify security on OpenSecureChannel request.'
06/17/2024 12:58:46.365 ChannelId 240: in Faulted state.
06/17/2024 12:58:46.365 TCPSERVERCHANNEL ForceChannelFault Socket=00FF2753, ChannelId=0, TokenId=0, Reason=BadConnectionClosed 'Remote side closed connection'
I have tried trusting the root(issuer's) certificate of the server, still no luck. Same error!
So I was wondering if there is a way I could configure the client to automatically trust the server side certificate without having to pass the file or the file-path, something like opcua.TrustServerCertificate(true) ?
I have a .net standard sample UA server from opcua foundation running, to which I'm trying to connect from the Go client with the following security options:
This works fine with the sample server as long as i have the self signed certificate of the server copied and renamed to "server.der" in the "certs" directory for
opcua.RemoteCertificateFile("./certs/server.der")
to be able to load it. But when applying the same security option to connect to an actual server that has a CA signed certificate, the go client is failing to trust the server certificate which results in a "BadSecurityChecksFailed" error on the server logsI have tried trusting the root(issuer's) certificate of the server, still no luck. Same error!
So I was wondering if there is a way I could configure the client to automatically trust the server side certificate without having to pass the file or the file-path, something like
opcua.TrustServerCertificate(true)
?