sciortid commented on issue #1844:
URL: https://github.com/apache/plc4x/issues/1844#issuecomment-2434898636
OK, so the certificate authentication method is currently not supported. But
you're right, I'm mixing up certificate authentication with encryption.
Apparently the Python opcua library uses those same keys/certificates for
both purposes, on both the client and the server side.
I'm sure about this because I can log in to the configured server via UA
Expert by providing the client certificates path.
I still don't understand the following:
I have now configured the Python server to use encrypted communication and
user/psw authentication:
```
# Communication
server.set_security_policy([
    ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt
])
# Authentication
server.set_security_IDs(["Username"])
# Certificates
server.load_certificate("certificates/server_certificate.der")
server.load_private_key("certificates/server_private_key.pem")
```
But how is it possible that I'm able to log in to the server via PLC4J /
UA Expert by just providing the username+password without a certificate?
```
String serverUrl = "opcua:tcp://127.0.0.1:4840";
String discovery = "true";
String securityPolicy = "Basic256Sha256"; // Path of the client certificate
String messageSecurity = "SIGN_ENCRYPT";
String username = "user1";
String password = "password1";
String connectionString = String.format(
    "%s?discovery=%s&security-policy=%s&message-securty=%s&username=%s&password=%s",
    serverUrl, discovery, securityPolicy, messageSecurity, username,
    password
);
```
I again admit to being a noob, but my only explanation for this is that only
the server certificate matters for communication encryption? Why do you say that
the keystore on the client side is used to secure the channel?