Issue when using PLC S7-1500 as OPC UA client to connect with OPC UA server having certificate


Post by thanhdanhvo96 » Thu Dec 29, 2022 5:14 pm

Dear all,

I'd like to get your support on the issue with OPC UA certificate.

My OPC UA server has been built with Node.js. The PLC S7-1500 (firmware v2.9) acts as OPC UA client.

It's working well without a certificate, but when I use a certificate, there are 2 situations:

1. When connecting using "Online access" in the "OPCUA Communication >> Client interfaces", I can connect with the certificate (after I export and copy the PLC's certificate to the trusted folder of the server). --> server is ok.

2. When coding and running with the real PLC: it can't connect, there is not even a PLC certificate in the rejected folder of the server and there is no error; the Status of block "OPC UA Connect DB" is still 16#0000_0000.

What I did with the certificate in TIA Portal (V17):

- Enable the Global security setting for certificate manager

- Created (and tested) with both self-signed certificate and CA certificate for PLC

- Added server's certificate to trusted list in "Certificate manager" of TIA Portal (also added to the "Certificate of the partner devices" in Device config)

- In "OPCUA Communication >> Client interfaces", chose the Security Mode/Policy and PLC's certificate (already tried with and without this setting)

From my point of view, the problem is that the PLC received the certificate but somehow didn't read it correctly or didn't compare it with the certificate in the trusted list, because if the PLC did this step, it should send its certificate to the (rejected folder of the) server.

Could anyone help me on this issue? Thank you in advance.

[Update]
1. The PLC throws the error code 16#8016_0000 (BadCertificateHostNameInvalid / "The HostName used to connect to a Server does not match a HostName in the Certificate", as I found on Google), but it's very quick so I could not see this behavior at the beginning.

2. I have tested with UA Expert and I can connect without any problem/warning. So there is high confidence that the problem comes from the PLC.
----------

Best regards,

Danh Vo
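
The status code quoted in the update describes a mismatch between the host in the endpoint URL and the host names listed in the server certificate. As an added example (not part of the original post), the following JavaScript compares an `opc.tcp://` endpoint with a certificate's subjectAltName text, assuming the format Node.js exposes as `X509Certificate.subjectAltName`; the function names and sample values are constructed for illustration.

```javascript
// Added illustration, not code from the original post.
// Assumption: `san` has the text form Node.js exposes as
// X509Certificate.subjectAltName, e.g. "DNS:host, IP Address:10.0.0.1, URI:urn:x".
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Constructed sample: a certificate that lists a DNS name but no IP address.
const SAMPLE_SAN = 'DNS:opcua-server.example, URI:urn:example:opcua-server';

// Extract the host part of opc.tcp://host[:port][/path]; null if malformed.
function endpointHost(endpointUrl) {
  const m = /^opc\.tcp:\/\/(\[[^\]]+\]|[^:\/\s]+)(?::\d+)?(?:\/.*)?$/i.exec(endpointUrl);
  if (!m) return null;
  return m[1].replace(/^\[|\]$/g, '').toLowerCase(); // drop IPv6 brackets
}

// Split the SAN text into DNS and IP entries; URI and e-mail entries are ignored.
function parseSan(san) {
  const out = { dns: [], ip: [] };
  for (const entry of (san || '').split(',')) {
    const idx = entry.indexOf(':');
    if (idx < 0) continue;
    const type = entry.slice(0, idx).trim().toLowerCase();
    const value = entry.slice(idx + 1).trim().toLowerCase();
    if (type === 'dns') out.dns.push(value);
    else if (type === 'ip address') out.ip.push(value);
  }
  return out;
}

// An IP literal in the URL must match an IP entry; a name must match a DNS entry.
// IPv6 addresses are compared as plain strings (no normalisation).
function checkEndpointAgainstSan(endpointUrl, san) {
  const host = endpointHost(endpointUrl);
  if (host === null) return { ok: false, reason: 'malformed endpoint URL' };
  const { dns, ip } = parseSan(san);
  const isIp = IPV4.test(host) || host.includes(':');
  const ok = isIp ? ip.includes(host) : dns.includes(host);
  const kind = isIp ? 'IP Address' : 'DNS';
  return {
    ok, host, kind,
    reason: ok ? 'host is listed in subjectAltName'
               : `no ${kind} entry in subjectAltName equals "${host}"`,
  };
}

console.log(checkEndpointAgainstSan('opc.tcp://192.168.0.10:4840', SAMPLE_SAN));
console.log(checkEndpointAgainstSan('opc.tcp://opcua-server.example:4840', SAMPLE_SAN));
```
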
