From ace9c98ea1851305c9077d66874594c79ad7f095 Mon Sep 17 00:00:00 2001 From: Johannes Wussler Date: Mon, 16 Mar 2026 14:14:32 +0100 Subject: [PATCH 1/3] updated opcua doc --- .../modules/opc-ua-connector.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md index 9199ff32809..77c7d486699 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md @@ -87,7 +87,7 @@ Once the configuration is saved, the APIs can be used in your application. ## Advanced Connection {#advanced-connection} This section shows you how to configure a connection to an OPC-UA server without the discovery service. -If you have succesfully set up your configuration in the Basic Configuration section, this section can be omited and please continue to section {[Using Services](#using-services) +If you have succesfully set up your configuration in the Basic Configuration section, this section can be omited and please continue to section [Using Services](#using-services) 1. Create a microflow to set up a manual connection. Make sure that the microflow do the following in order: @@ -154,6 +154,13 @@ The association between the client and the server certificates does not need to If you ever want to reject a certificate from the server, remove it from the list of trusted certificates and restart the application. +### Advanced Server Certificate Validation + +Setting the `AdvancedConfiguration` constant to *true* enables advanced server certificate validation options during configuration. This allows developers to customize validation checks, for example by making checks more strict or by disabling specific checks. +By default, only `ApplicationUri` validation is enabled. According to OPC UA specifications, this check should not be disabled. Other checks that can be enabled are hostname, validity, revocation status, certificate revocation lists (CRLs), end-entity key usage, and end-entity extended key usage. + +{{% alert color="warning" %}}Disabling server validation checks completely reduces connection security.{{% /alert %}} + ## Using Services {#using-services} ### View Service From cf70c7d0ca31482a0f3ccf1184f4fb7d53241b62 Mon Sep 17 00:00:00 2001 From: nicoletacoman Date: Fri, 20 Mar 2026 10:12:01 +0100 Subject: [PATCH 2/3] TW review --- .../modules/opc-ua-connector.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md index 77c7d486699..9be706d5b8d 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md @@ -87,7 +87,7 @@ Once the configuration is saved, the APIs can be used in your application. ## Advanced Connection {#advanced-connection} This section shows you how to configure a connection to an OPC-UA server without the discovery service. -If you have succesfully set up your configuration in the Basic Configuration section, this section can be omited and please continue to section [Using Services](#using-services) +If you have successfully set up your configuration in the **Basic Configuration** section, you can omit this step and continue to section [Using Services](#using-services). 1. Create a microflow to set up a manual connection. Make sure that the microflow do the following in order: @@ -156,10 +156,12 @@ If you ever want to reject a certificate from the server, remove it from the lis ### Advanced Server Certificate Validation -Setting the `AdvancedConfiguration` constant to *true* enables advanced server certificate validation options during configuration. This allows developers to customize validation checks, for example by making checks more strict or by disabling specific checks. +Setting the `AdvancedConfiguration` constant to *true* enables advanced server certificate validation options during configuration. This allows developers to customize validation checks, such as making checks more strict or disabling specific checks. By default, only `ApplicationUri` validation is enabled. According to OPC UA specifications, this check should not be disabled. Other checks that can be enabled are hostname, validity, revocation status, certificate revocation lists (CRLs), end-entity key usage, and end-entity extended key usage. -{{% alert color="warning" %}}Disabling server validation checks completely reduces connection security.{{% /alert %}} +{{% alert color="warning" %}} +Disabling server validation checks completely reduces connection security. +{{% /alert %}} ## Using Services {#using-services} From becdcae9dd65a50fe2bd405ccd0ae05f62b48275 Mon Sep 17 00:00:00 2001 From: jowussler Date: Mon, 23 Mar 2026 16:44:06 +0100 Subject: [PATCH 3/3] Update opc-ua-connector.md improved description for adding an application certificate --- .../platform-supported-content/modules/opc-ua-connector.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md index 9be706d5b8d..d471d0e63a7 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/opc-ua-connector.md @@ -60,7 +60,7 @@ The descriptions of the actions are as follows: 3. Run the app locally and open the app. 4. Log in as a user with the `CanConfigure` user role. 5. Go to the added **Configurations** page. -6. If you want to connect to a server with a message security mode `Sign` or `Sign&Encrypt`, add your client certificate by clicking **Update application certificate** in the upper-right corner of the page. +6. If you want to connect to a server with a message security mode `Sign` or `Sign&Encrypt`, open the `Certifcates` page by clicking **Manage certificates** and then add your client certificate by clicking **Update application certificate** in the upper-right corner of the page. 7. Click **New configuration** in the upper-right corner of the page.