.NET Based OPC UA Client/Server SDK
2.6.3.431
The dialog shown in the following screenshot is an example of displaying an untrusted server certificate. It can be accepted temporarily or permanently. Press the button “Show Code” to display the corresponding code, and the button “Help” to show this documentation page.
This dialog is used in the .NET based OPC UA Demo Server included in the SDK. It shows up when a client (e.g. UaExpert) whose certificate is not on the server’s trust list connects to the server on a secure endpoint.
To trust the certificate only for the current session, click on the “Trust” button. To accept the certificate permanently, check the box next to “Save Certificate in TrustList”. When clicking the button “Reject”, the certificate is rejected and the client is not able to connect to the server. If the certificate is neither accepted nor trusted after a specified amount of time (indicated by a countdown next to the “Reject” button), it is rejected automatically.
When the SDK receives an untrusted certificate, it will raise an UntrustedCertificate event. Applications can handle this event and decide whether the SDK should trust the certificate. The application can use this event to implement specialized logic for determining trust.
The arguments passed to this event allow the implementer to specify whether to permanently save the certificate in the trust list. If the certificate is rejected, it will be written to the rejected certificates store and can be reassessed at a later date.
Application developers need to be careful with this event, because the client will not receive a reply until it returns. This sample implementation provides a timeout mechanism that causes an automatic rejection.
This event can also be raised from any thread, so developers need to watch out for deadlocks with the UI thread. For example, if the UI thread is blocked waiting for a response from the SDK, then this event cannot be processed.
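The following sketch is an added example, not the SDK's sample code: it shows one way to bound the wait inside such a handler so that a missing answer, or a UI thread that cannot process the prompt, ends in a rejection. TrustDecisionArgs, Choice, TrustPrompt, postToUi and showDialog are hypothetical names standing in for the SDK's event arguments and the application's dialog; the thumbprints are constructed sample values.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical stand-in for the SDK's event arguments; the real type and member names may differ.
public sealed class TrustDecisionArgs
{
    public string Thumbprint = "";  // identifies the presented certificate
    public bool Accept;             // false = reject (fail closed)
    public bool Persist;            // true = also save the certificate in the trust list
}

public enum Choice { Reject, TrustOnce, TrustAndSave }

public static class TrustPrompt
{
    // postToUi queues work on the UI thread without blocking (e.g. Control.BeginInvoke).
    // showDialog runs on the UI thread and completes the decision when the operator clicks.
    public static void Handle(TrustDecisionArgs e, TimeSpan timeout, Action<Action> postToUi,
        Action<TrustDecisionArgs, TaskCompletionSource<Choice>> showDialog)
    {
        var decision = new TaskCompletionSource<Choice>(TaskCreationOptions.RunContinuationsAsynchronously);
        postToUi(() => showDialog(e, decision));  // never a blocking Invoke(): a busy UI thread would deadlock

        // Block the calling SDK thread only up to the timeout; no answer means reject.
        Choice choice = decision.Task.Wait(timeout) ? decision.Task.Result : Choice.Reject;
        decision.TrySetResult(Choice.Reject);     // a click arriving after the timeout is ignored

        e.Accept = choice != Choice.Reject;
        e.Persist = choice == Choice.TrustAndSave;
    }
}

public static class Demo
{
    public static void Main()
    {
        var timeout = TimeSpan.FromMilliseconds(200);
        Action<Action> post = work => ThreadPool.QueueUserWorkItem(_ => work());  // simulated UI queue

        var a = new TrustDecisionArgs { Thumbprint = "constructed-sample-1" };
        TrustPrompt.Handle(a, timeout, post, (args, d) => d.TrySetResult(Choice.TrustAndSave));
        Console.WriteLine($"{a.Thumbprint}: accept={a.Accept} persist={a.Persist}");

        var b = new TrustDecisionArgs { Thumbprint = "constructed-sample-2" };
        TrustPrompt.Handle(b, timeout, post, (args, d) => { /* operator never answers */ });
        Console.WriteLine($"{b.Thumbprint}: accept={b.Accept} persist={b.Persist}");
    }
}
```

In a real handler the timeout should be shorter than the connecting client's own timeout, since the client receives no reply until the handler returns.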