ssl node-opcua

How to trust a self-signed server certificate with the node-opcua client


I have a simple node-opcua client and it wants to connect to a server via Basic128Rsa15 policy.

I have created a self-signed certificate and the server does receive this cert and I can move it on the server to the trusted pki directory.

At my client - the node-opcua - I also see a new directory "pki/rejected" with the cert from the server.

My question is now: What do I have to do now so that the client will trust this self-signed cert from the server?

I have already tried to create a "trusted" directory and move it there, but this does not help. I have also tried to add an option (which I found via Google): serverCertificate=crypto_utils.readCertificate("pki/trusted/04c9f401be19e5a2349460306579c692e777cea5.pem"); but that also didn't help. When I start the client, it creates the cert in the "rejected" folder again.

My node-opcua options for the connection:

    options:
      securityMode: 3 # None = 1, Sign = 2, SignAndEncrypt = 3
      securityPolicy: "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
      certificateFile: certificates/cert.pem
      privateKeyFile: certificates/key.pem


Solution

  • [EDITED]

    version 2.30 onward: node-opcua clients now perform full validation of certificates coming from servers:

    version 2.28 and below: node-opcua clients did not perform server certificate trust/reject checks yet, nor full certificate validation, just basic validation (date, signature ...)
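
An added example (not from the original post or the node-opcua project): a Node.js helper, using only built-in modules, that moves a certificate out of the client's "rejected" folder into the trusted folder only when its SHA-1 thumbprint matches a value obtained out-of-band from the server operator. The rejected and trusted/certs folder layout, the reading of the 40-hex file name as a SHA-1 thumbprint, and all function names are assumptions; pass the trusted sub-folder your client's PKI store actually uses.

```javascript
// Added example. Assumed store layout: <root>/rejected and <root>/trusted/certs.
const crypto = require("crypto");
const fs = require("fs");
const os = require("os");
const path = require("path");

// SHA-1 thumbprint (lowercase hex) of the DER bytes inside a PEM certificate.
function thumbprintOfPem(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error("no PEM certificate block found");
  const der = Buffer.from(m[1].replace(/\s+/g, ""), "base64");
  return crypto.createHash("sha1").update(der).digest("hex");
}

// Move a rejected certificate into the trusted folder only if its content hashes to
// the thumbprint confirmed out-of-band. Returns the new path, or null if none matched.
function promoteRejected(pkiRoot, expectedThumbprint, trustedSubdir = path.join("trusted", "certs")) {
  const expected = expectedThumbprint.replace(/[:\s]/g, "").toLowerCase();
  if (!/^[0-9a-f]{40}$/.test(expected)) throw new Error("expected a 40-hex SHA-1 thumbprint");
  const rejectedDir = path.join(pkiRoot, "rejected");
  for (const name of fs.readdirSync(rejectedDir)) {
    if (!name.endsWith(".pem")) continue;
    const src = path.join(rejectedDir, name);
    let actual;
    try { actual = thumbprintOfPem(fs.readFileSync(src, "utf8")); } catch { continue; }
    if (actual !== expected) continue; // compare file content, never the file name alone
    const trustedDir = path.join(pkiRoot, trustedSubdir);
    fs.mkdirSync(trustedDir, { recursive: true });
    const dst = path.join(trustedDir, name); // keep the name the client gave the file
    fs.renameSync(src, dst);
    return dst;
  }
  return null;
}

// Constructed demo store in a temp directory; the "certificate" is placeholder bytes, not real X.509.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "pki-"));
  fs.mkdirSync(path.join(root, "rejected"));
  const der = Buffer.from("constructed placeholder DER bytes");
  const pem = `-----BEGIN CERTIFICATE-----\n${der.toString("base64")}\n-----END CERTIFICATE-----\n`;
  const tp = crypto.createHash("sha1").update(der).digest("hex");
  fs.writeFileSync(path.join(root, "rejected", `${tp}.pem`), pem);
  const wrong = promoteRejected(root, "00".repeat(20)); // mismatching thumbprint
  const moved = promoteRejected(root, tp.toUpperCase()); // matching, case-insensitive
  return { root, tp, wrong, moved };
}
```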