Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Certificate expired

More
20 Dec 2022 08:29 #11359 by support
Replied by support on topic Certificate expired
The ability to specify the application certificate validity period will be in QuickOPC 2023.1.
The following user(s) said Thank You: alenjursic1997

Please Log in or Create an account to join the conversation.

More
05 Oct 2021 18:12 #10257 by alenjursic1997
Replied by alenjursic1997 on topic Certificate expired
Thank you for quick response.

Really appreciate your help.
The following user(s) said Thank You: support

Please Log in or Create an account to join the conversation.

More
05 Oct 2021 17:23 #10256 by admin
Replied by admin on topic Certificate expired
Hello,
currently (as of version 2021.2), the validity period of auto-generated certificates cannot be changed in QuickOPC.

You can generate a certificate with longer validity period manually. See opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Instance%20Certificate.html and opcfoundation.github.io/UA-.NETStandard/help/certificate_generator.htm . If you use the same Subject Name, and place the certificate files it into the proper directories, it will be found by QuickOPC application and used.

QuickOPC applications issue a new auto-generated certificate when no instance certificate found. You can create a recurring job on the computer (e.g. using Task Scheduler) to simply delete the certificate files with desired period, and QuickOPC application will renew its certificate - as you suggested. Note, however, that this does not resolve the problem on the server you are connecting to - because it will most likely not trust the renewed certificate.

Certificate validity should be set based on security evaluation. One of the concerns is that the computing power of your model attackers should not be able to crack the certificate key during the certificate validity period. Given the current encryption algorithms and key sizes used, AFAIK 100 years is too long, as it would be possible to crack it sooner, using commercially available tools.

Best regards
The following user(s) said Thank You: alenjursic1997

Please Log in or Create an account to join the conversation.

More
04 Oct 2021 19:12 #10250 by alenjursic1997
Hello,

I have a problem with auto generated QuickOPC client certificates. They are valid for 1 year and after I deploy my solution to customer's machine, I don't want to interfere with the system anymore. Currently after 1 year, my programs start returning exception saying that certificate has expired. I know that deleting current certificate solves my problem, but just for next 1 year.
  • Is it possible that QuickOPC generates cerificate that is valid for longer period (etc. 100 years)?
  • Are there any solutions to automatize this problem? (e.g: QuickOPC client could auto remove certificate after expiration or something like that).

Another idea I have is that I set scheduled Windows task, to delete current certificate each year, but this can bring another problems.

Best regards, Alen

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.051 seconds