BadCertificateHostNameInvalid OPC UA server connection

I am trying to conenct to the ignition OPC UA server, but i am getting BadCertificateHostNameInvalid error once a connection is being established, the same error was obtained with different OPC Ua client, the following screenshot is from UA expert OPC UA Client.
I am using Ignition 8.0.8 and for the UA server settings, the machine name (SRBTG01SCADA…) is used a binding address, and security policy of Basic256Sha256, the connection works fine with an Anonymous access with no Security policy.

Try connecting to the server using the IP address instead of the partial hostname as you’ve done.

Or you can just ignore this. Most clients will present this as a warning and let you choose to continue.

Hi Kevin, indeed i was able to ignore the error using the OPC UA expert client, but not with OSISoft OPC UA Connector which is my goal, i did try to connect using the IP address but i got the same error/warning. The Osisoft OPC UA connector is expecting the full machine name in the Subject Alternative name or in the URL, i did try to use the full name in the binding address (including the domain) but i was not able to connect to the server.

Unfortunately there’s no way to influence which hostname and IP addresses end up in Ignition’s certificate. It queries the OS for its DNS name and all IP addresses and then puts them into the certificate when it gets generated.

If you connect OSI PI via opc.tcp:// it should work as long as that IP address is reachable from the machine running OSI PI.

The verification is only supposed be that the hostname or IP in the endpoint URL you used to connect is present in the certificate. This is also listed as a suppressible verification in the OPC UA spec, so OSI PI should allow you some way to connect whether or not it matches.

1 Like

Ok i will try that, thanks Kevin.

Finally it worked by adding the full computer name (including the domain) in both binding and endpoint addresses fields.