Generate OPC UA client certificate



We are trying to create a valid certificate for authenticating an OPC UA client with the Bosch CtrlX OPC UA server. We've tried the OPC UA test client, and it can generate a valid certificate just fine (after trusting the certificate in CtrlX), but obviously this has limitations, so we would like to be able to create our own certificates for this purpose.

However, we've had no luck so far. The server rejects every certificate we've tried without any details on what's wrong. There is nothing in the Logbook as far as we can see (yes, we tried enabling settings to see trace messages). Are there any instructions on how to create a valid certificate?



Hi teracloud,

We want to investigate the issue. Can you please help us with the following points:

  • Can you please provide us with the certificate, so that we can check it?
  • How did you provide the certificate to ctrlX?
  • What does the ctrlX certificate manager for the OPC UA server look like?
  • Which version of the opc ua server app do you use?

Best regards,



Sorry for the late reply. I didn't get a notification that someone had replied.

After some more trial and error, we managed to generate a valid certificate that the CtrlX OPC UA server accepts. What we did was generate it using OpenSSL, then just configure our client with the certificate and connect to the server. This caused the server to automatically reject the certificate, and we were able to go into the certificates in the PLC and mark it as trusted. Then everything worked.

We use version 1.20.1. I am attaching a generated certificate so you can look at it. We don't know if it has additional fields/privileges missing or that don't need to be there.
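
Added example (not part of the posts above and not Bosch's documented procedure): one way to generate a self-signed client certificate with OpenSSL, carrying the extensions commonly expected of an OPC UA application instance certificate, and to check them before the first connection attempt. The application URI, host name, subject and file names are constructed placeholders, and which fields the ctrlX server actually enforces is not stated in this thread.

```shell
#!/bin/sh
# Added example. All names, URIs and paths are constructed placeholders.

# Usage: gen_opcua_client_cert <application-uri> <hostname> <output-dir>
gen_opcua_client_cert() (
    app_uri=$1; host=$2; out=$3
    umask 077                      # private key readable by the owner only
    cat > "$out/client.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = ExampleOpcUaClient
O = ExampleOrg
[v3]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = clientAuth
# The URI entry must equal the ApplicationUri configured in the client.
subjectAltName = URI:$app_uri, DNS:$host
EOF
    # -nodes leaves the key unencrypted on disk; protect the directory.
    # The DER copy is for OPC UA stacks that load certificates in DER form.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -config "$out/client.cnf" \
        -keyout "$out/client_key.pem" -out "$out/client_cert.pem" &&
    openssl x509 -in "$out/client_cert.pem" -outform DER -out "$out/client_cert.der"
)

# Usage: check_opcua_cert <cert.pem> <application-uri>; non-zero on a missing field.
check_opcua_cert() (
    text=$(openssl x509 -in "$1" -noout -text) || exit 1
    for want in "URI:$2" "Digital Signature" "TLS Web Client Authentication"; do
        printf '%s\n' "$text" | grep -qF "$want" ||
            { echo "missing in certificate: $want" >&2; exit 1; }
    done
)

# Demo in a throwaway directory; the fingerprint helps pick the right entry
# when marking the rejected certificate as trusted on the server.
demo=$(mktemp -d)
gen_opcua_client_cert "urn:example-host:ExampleOrg:ExampleOpcUaClient" example-host "$demo" &&
check_opcua_cert "$demo/client_cert.pem" "urn:example-host:ExampleOrg:ExampleOpcUaClient" &&
openssl x509 -in "$demo/client_cert.pem" -noout -fingerprint -sha1
```

Only the certificate is presented to the server and added to its trust list; the private key file stays on the client.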