OPCUA Certificate Error

OK, so i am trying to connect to the OPC UA server using UA Expert. I have the server in certificate mode on the Ewon. i am ultimately able to connect to the server, but only if i ignore the below message:


This shows in the UA Expert logs as "The hostname or IP address in the server certificate does not match the hostname or IP address the client connected to. Since i can actually connect to the server despite the message i assume it is the certificate that might have the wrong definition? My UA Expert server connection settings are below:

Am i doing something wrong on either the client or server sides? is there a way i can avoid this, or suppress it?

This is because the either the hostname or IP don’t match what is in the certificate. You should be able to suppress the error, but you would need to look it up in the UA Expert documentation as I’m not sure how to do it. Try looking in the Certificate Manager.

You could also check the certificate to see what the mismatch is and change the IP address or use the correct hostname as the Endpoint Url.

the IP field in the certificate properties is the actual IP address is the one shown in my above screenshot. the UA expert client actually connects and i can read data. so the certificate is just not right somehow. is there a way i can force the UA server to reconstruct/modify it to the right IP?

I believe you would need to create a new certificate. Here are some instructions from the developer forum:

  • Enable OPCUA Server in Ewon Flexy (System > Main > OPCUA

  • Declare your OPCUA connection in Ignition, with encryption. (OPC Client > OPC Connections --> Choose Sign & Encrypt, BASIC256SHA256)

  • Refresh the OPCUA Settings of Flexy and trust the Ignition certificate (Right-click and click “trust” and update)

  • Then download the Flexy OPCUA certificate on your PC

I’m not sure we are both on the same page regarding this problem… I am not using Ignition, but rather a Unified Automation .NET library, and and was looking more for insight into how the UA server on the Ewon builds that certificate. The certificate has an IP Address property that is not associated with the IP address the device is running with. Is there a way, on the Ewon side, that I can correct this?

For me, the problem manifests itself from UAExpert in that the discrepancy must be ignored for the connection to take place. I would like to understand more about this behavior before trying to handle it from code.

If you delete the certificate and reboot the Ewon, it will create a new certificate with the new IP address. The certificate must have been created before the IP address was changed.

Thanks! You guys never let me down!

1 Like