UaException: status=Bad_Certificate Time Invalid

How do I renew a certificate?

UaException: status=Bad_CertificateTimeInvalid, message=certificate is expired: Thu Oct 03 00:00:00 EDT 2019 - Mon Oct 03 00:00:00 EDT 2022
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(
at io.netty.handler.codec.ByteToMessageCodec$1.decode(
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(
at io.netty.handler.codec.ByteToMessageCodec.channelRead(
at io.netty.util.concurrent.SingleThreadEventExecutor$
at java.base/ Source)

8.0.4 (b2019091612)
Azul Systems, Inc. 11.0.4

Does anyone know how to resolve this issue? This system has been running for years. It talks to AB plc's using modbus. No OPC UA - I don't know why it has a temporary certificate.

If it is what I think, it is self-generated and signed. If you delete it I think Ignition will generate a new one. Which you probably then have to accept in the other system. @Kevin.Herron ?

As Phil mentions, the certificates get regenerated during startup once you delete them. Kevin mentions in this post where those certificates are located that need to be deleted. Also, 8.1.8 introduced a regenerate certificate option.

1 Like

This resolution does work to regenerate the certificates, but the question from myself and my customer is; "Why did this happen and do we need to worry about it happening again?" This system is running v8.0.8 and has been running for many years without this happening. The solution isn't one that my customer feels comfortable doing themselves, so it requires an onsite service call from my office which costs them money. Is there an underlying issue that we need to look for and resolve or some other way to prevent this from happening again? Thanks!

It will happen again in 3 years.

If you upgrade to 8.1 and regenerate from the UI that was implemented you'll have the option to set a custom validity period.