nauful / LibUA

Open-source OPC UA client and server library
Apache License 2.0

UaExpert error BadCertificateHostNameInvalid #55

Closed PrecoSWEng99 closed 3 years ago

PrecoSWEng99 commented 3 years ago

Downloaded LibUA at end of April and compiled the Test Server. With server running, connected with the UaExpert client (version 1.5.1.331). During first attempt, the UaExpert Certificate Validation dialog popped up and contained error message "SubjectAltName is missing - this extension is mandatory according to the UA specification". Continued by pressing "Trust Server in Certificate". Subsequent connections by UaExpert client all pop the Connect Error dialog with message "Error 'BadCertificateHostNameInvalid' was returned during CreateSession, press 'Ignore' to suppress the error and continue connecting." After pressing Ignore, everything worked normally. But need to avoid the operator acknowledgement every time UaExpert connects. All online research suggests that the server certificate needs to include the SubjectAltName field to avoid this error. Please suggest how to add this parameter to your self-generated certificates. Thanks.

nauful commented 3 years ago

Hello,

Self-generated certificates are only suitable for dev testing, not for actual use. You would ideally create a certificate from either a certificate authority for your domain/company/organization or something more fully featured compared to .NET's basic certificate creation, e.g. openssl.

You could try using interop with native methods to write SAN, but I would recommend either of the two approaches above instead of a sample self-generated certificate: https://stackoverflow.com/a/43938024
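
Added example (not part of the thread and not LibUA code): a shell sketch of the openssl route for a dev/test certificate, putting both the server's ApplicationUri (URI entry) and the host name from the endpoint URL (DNS entry) into SubjectAltName, which is what OPC UA clients compare against. It assumes OpenSSL is installed; the common name, URI, host name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Every name, URI and file path is a placeholder chosen by
# the caller; none of them is a LibUA default.

# Write an OpenSSL config whose extension section carries the two SAN
# entries an OPC UA client checks: URI (ApplicationUri) and DNS (host name).
# $1 = config path, $2 = common name, $3 = application URI, $4 = host name
write_ua_cert_config() {
    cat > "$1" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ua
prompt = no

[dn]
CN = $2

[v3_ua]
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt

[alt]
URI.1 = $3
DNS.1 = $4
EOF
}

# Create a self-signed certificate and unencrypted RSA key from that config.
# $1 = config path, $2 = key output (PEM), $3 = certificate output (PEM)
make_ua_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$1" -keyout "$2" -out "$3"
}

# Print the SAN extension so it can be compared with the endpoint URL.
# $1 = certificate path (PEM)
show_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# Usage (constructed values):
#   write_ua_cert_config ua.cnf "Test Server" urn:example:testserver opc-host.example
#   make_ua_cert ua.cnf server.key server.crt && show_san server.crt
```

The DNS entry has to be the same host name the client types into the `opc.tcp://` endpoint URL, and the URI entry has to equal the ApplicationUri the server reports. The key is written unencrypted, so restrict its file permissions.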