Re: OPCUA SSL problem

[Ralph Lange via Tech-talk <tech-talk at aps.anl.gov>]

Hi Karel,

The low-level client, Open62541 in your case, indeed handles most of the dealing with OpenSSL for the Secure OPC UA connections.

Hmmm... more things you could try:

• In your container, install the evaluation bundle of the UA SDK. (The evaluation bundle has full features, just limited to one hour of runtime.) Build the OPCUA Device Support against that.
  The two IOC binaries (linked against Open62541 and UASDK-Eval) are drop-in compatible and you can run either one of them against your server. The Wireshark captures should be directly comparable. (UAExpert also uses the UASDK as its low-level client.)
• Do the same thing on an older Linux version (using OpenSSL1) with the Open62541 client against one of the "binary distribution" tars (that have a fully working version of the OPCUA  Support with UASDK using OpenSSL1) to see if behavior changes between the OpenSSL versions.
• Use the UASDK demo server (part of the mentioned bundle), where you have full access to the server certificates. You can create and configure the server with self-signed or CA-signed certificates and check how the IOC needs to be set up to be able to connect.

The key thing to find out is if the issue is caused by how the Device Support handles the open62541 client or by how the open62541 client handles OpenSSL or by the server acting differently from other servers.

Thanks for your help and patience!

Cheers,

~Ralph