Invalid CA certificate [BadCertificateInvalid] - IGNITION 7.7.4

zxcslo · February 11, 2025, 11:48am

We have a client with 10 years old Ignition Gateway, v7.7.4:

They reached to us, that they have a third party OPC-UA client, and have problem with connecting to the Ignition OPC-UA server.

When I tried to connect with UAExpert client software, I get this error, that the "Validating the certificate of server 'Ignition OPC-UA Server' returned an error":

I downloaded the latest UAExpert client software and trusted the certificate, when I tried to connect the first time.
Also the Ignition server certificate is not expired yet (it'll expire some time next year).

I know that this is old Ignition, but for years, there was no problem (at least we didn't hear from them).
I think the last time I tried to connect to was a year and half ago (autumn 2023)...

Is there anything, that I can do (beside to upgrade to at least 7.9)?

pturmel · February 11, 2025, 1:23pm

Have them use a similarly old copy of UAExpert or other OPC software. (Lots of security changes in the intervening years.)

If you want to keep using old, unsupported, and insecure copies of Ignition, don't try to mix it with new software.

Kevin.Herron · February 11, 2025, 2:31pm

Perhaps related to the missing BasicConstraints.

Can't you just click the checkbox in the lower left and then continue?

zxcslo · February 11, 2025, 3:30pm

Yes, I can. And then the UAExpert client will connect and I can see the tag values. That's OK for testing purposes.

But the customer has some other system/driver (some kind of MES, I think), with which they connect to the Ignition OPC UA server.
And they can't connect because of this error...

Kevin.Herron · February 11, 2025, 3:35pm

Well, some error.

It's different software that may behave differently and have different requirements of the certificate.