CNC machine OPC UA certificate error

Ignition 8.1.23

Hi All

We have a fairly new CNC machine from DMG Mori. It is equipped with what Mori call an "IoT Connector". This is basically a box that makes machine data available via OPC-UA, MTConnect or MQTT.

The machine was commissioned over 6 months ago and since then we have been happily collecting OEE data using OPC-UA. On 12/06/2023 at 23:28, the comms stopped. Ignition is telling me that the certificate has a bad timestamp (either expired or not yet valid). We have many other OPC-UA enabled devices communicating with Ignition and no other issues. The CNC machine is still in production since all code is delivered via a separate system.

I have tried the following:

  • Checked date & time on certificate. Looks good.
  • Checked date & time on CNC machine and Ignition server. All good.
  • Checked the username and password.
  • Power cycled the CNC machine...
  • Re-created the OPC-UA connection in Ignition. Ignition reports an issue with the endpoint host and this has to be set to the actual IP. This was done during commissioning, and it seemed to work ok.
  • Connected to server with third party OPC-UA browser. Data can be read but the OPC browser is unable to retrieve certificate information.
  • Disabled certificate validation - same error message about bad certificate time.
  • Deleted the certificate from Ignition's store, recreated connection. Same error.

Currently working from home but planning to temporarily disable OPC-UA authentication on the machine next.

Can anyone suggest anything else to check before I take a deep breath and contact the OEM? (There isn't much local knowledge on machine monitoring and all questions on the topic are indirectly routed to Germany...)

Cheers

UaException: status=Bad_CertificateTimeInvalid, message=The certificate has expired or is not yet valid.
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(UascClientAcknowledgeHandler.java:258)
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(UascClientAcknowledgeHandler.java:167)
	at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
	at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:995)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at java.base/java.lang.Thread.run(Unknown Source)

8.1.23 (b2022121308)
Azul Systems, Inc. 11.0.16.1

This looks like the server rejecting the connection because the Ignition OPC UA client certificate has expired.

In the OPC UA > Security section of the gateway you can view and regenerate the client and server certificates.

Hi Kevin. Thanks for the reply. As mentioned previously, I have looked at the certificate and it is valid. See below for a screenshot of the certificate that I downloaded from the Ignition webpage.

I'm baffled. Why would Ignition complain about the certificate validity if the date checks out? Could it really be an issue with another field on the cert?

Cheers

Look at the "Valid From" start date on the image of the certificate you provided. It is not yet valid, which matches what the error message is saying.

Unless your date is day/month/year?

Ignition isn’t complaining about that server certificate, that server is complaining about the Ignition client certificate.

We're on day/month/year. Thanks

Kevin - you're right! I hadn't even looked there and missed the "client" bit from your first message. Thank you!

The connection to the CNC machine is now back up and running. Thanks