Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions or issues. You do not have to own a commercial license in order to use the OPC Labs support. Our team is actively monitoring the forums, and provides replies as soon as possible.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible.

Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Client supplied certificate instead of username and password

support
Away
Moderator

More

24 Dec 2025 09:35 #14520 by support

Replied by support on topic Client supplied certificate instead of username and password

Hello.

Which ProsysOPC server you intend to use? I will investigate the same product.

Regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

23 Dec 2025 19:04 #14519 by Cwardltu

Replied by Cwardltu on topic Client supplied certificate instead of username and password

I started looking into useing prosys server. it looks as though they support certificate auth.

I am still having issues connecting. I have everything in place. it should work.

I too am going to continue this after the holidays. please let me know if you got it working.

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

23 Dec 2025 15:11 #14518 by support

Replied by support on topic Client supplied certificate instead of username and password

Hello.

I had an initial look. You are right that KepServerEx does not have user authentication via certificates out of the box; but I found this:

support.ptc.com/help/kepware/kepware_server/en/index.html#pa...e/server/uag-certificates.html

So one would have to add the UA Gateway ( www.ptc.com/en/resources/iiot/manufacturing/kepware/infographic/ua-gateway ) possibly?

Best regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

23 Dec 2025 14:48 #14517 by Cwardltu

Replied by Cwardltu on topic Client supplied certificate instead of username and password

Save you some time,

Kepserver does not support certificate user authentication so i am moving to prosys.

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

23 Dec 2025 09:36 #14516 by support

Replied by support on topic Client supplied certificate instead of username and password

Hello.

The whole procedure from start to end will be server-dependent. QuickOPC does not really care - it just takes the certificate and uses it for authentication according to UA specs.

However, I am also interested how this works with KepServerEx, so I plan to try it out and document if possible. Please be patient, it may be some days before I get to it, also due to the holiday season.

Best regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

22 Dec 2025 15:59 #14514 by Cwardltu

Replied by Cwardltu on topic Client supplied certificate instead of username and password

Thanks I believe this is exactly what I am looking for.

I am using KepServer right now for testing.

Youre correct to I am looking to authenticate the user with the certificate.

I am still not able to connect, I think I am using the wrong certificate. this question may be beyond the scope of OPCLabs but if you know the answer that would be much appreciated. How does one create a certificate that WithX509CertificateIdentity would accept?

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

20 Dec 2025 09:34 #14509 by support

Replied by support on topic Client supplied certificate instead of username and password

Hello.

In the remainder of my reply, I assume that you really want to authenticate the *user* using the certificate, and not the OPC UA *application*. OPC UA applications are always authenticated using the certificates, it is unrelated to user authentication, and done differently in QuickOPC. User authentication with certificates is possible, but relatively rare, so that's why I am a little bit concerned about a possible mixup. (Which UA server or PLC are you using?)

The easiest way to authenticate the user with the certificate is to take an existing UAEndpointDescriptor, and create a new one from it using the WithX509CertificateIdentity extension method:

opclabs.doc-that.com/files/onlinedocs/OPCLabs-ConnectivitySt...ndpointDescriptor,String).html

Also see:

opclabs.doc-that.com/files/onlinedocs/OPCLabs-ConnectivitySt...Authentication%20(Client).html

I hope this helps

Best regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

18 Dec 2025 21:16 #14506 by Cwardltu

Client supplied certificate instead of username and password was created by Cwardltu

Hello,

I am trying to find out how to use a client certificate as the token info for a server that does not allow anon users.

the goal is a user can configue a cerificate, user/pass, or both to validate its connection to the server. I can not find much documentation on how to do such a thing or in the examples OPCLabs has provided.

I have provided my most recent attempt here:

Code:

        switch (state)
        {
            case AuthenticationType.UsernamePassword:
                Endpoint.UserIdentity.UserNameTokenInfo = new OpcLabs.BaseLib.IdentityModel.User.UserNameTokenInfo(userName, password);
                break;

            case AuthenticationType.Certificate:
                EasyUAApplication.Instance.ApplicationParameters.ApplicationManifest.InstanceOwnStorePath = certificatePath;
                break;

            case AuthenticationType.Both:
                Endpoint.UserIdentity.UserNameTokenInfo = new OpcLabs.BaseLib.IdentityModel.User.UserNameTokenInfo(userName, password);
                EasyUAApplication.Instance.ApplicationParameters.ApplicationManifest.InstanceOwnStorePath = certificatePath;
                break;
        }

Please Log in or Create an account to join the conversation.

Moderators: support, vaclav.zaloudek

Time to create page: 0.138 seconds

Powered by Kunena Forum