2

I have an OPC UA server on a Siemens S7-1200 PLC. Now, when I want to connect using an OPC client I made in .NET, I have the option to enable auto-accepting untrusted server certificates. The documentation states that this should not be used in production. It does not state why.

The only reason I can think of is someone getting into my network and spoofing a fake server between the client and the server.

Why should I turn this off and manually put the certificate in the trusted certificates folder? My server and client are on a local network (that have internet access).

<!-- WARNING: The following setting (to automatically accept untrusted certificates) should be used
for easy debugging purposes ONLY and turned off for production deployments! -->
<AutoAcceptUntrustedCertificates>false</AutoAcceptUntrustedCertificates>
Victor Pieper

1 Answer

3

> The only reason I can think of is someone getting into my network and spoofing a fake server between the client and the server.

This is the primary reason.

Kevin Herron
  • The fake server does not have to be "between the client and the server". It can just be a fake server, standalone. No original server is necessary. – ZbynekZ Mar 08 '23 at 17:55
  • Yes, that's a good point @ZbynekZ. It makes it easy for an adversary to impersonate a legitimate server. – Kevin Herron Mar 08 '23 at 21:16
  • @ZbynekZ do you mean like the server connecting to the client instead of the client to the server? – Victor Pieper Mar 08 '23 at 22:31
  • No. I mean that the attacker can substitute his own rogue server in place of the genuine server. And if the client ignores the server certificate, it will happily connect to the rogue server. – ZbynekZ Mar 09 '23 at 06:32
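
The trust decision discussed in the answer and comments, as an added example (not part of the original thread and not code from any OPC UA SDK). It uses only the .NET base class library; `TrustDemo`, `SelfSigned`, `Accept` and the subject name are hypothetical, and both certificates are constructed samples. It shows that a second certificate can carry exactly the same subject name as the genuine server's, so only the trusted-certificate list tells the two apart.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustDemo
{
    // Constructed sample: a self-signed certificate like the one an OPC UA server presents.
    static X509Certificate2 SelfSigned(string subject)
    {
        var key = RSA.Create(2048);
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256,
                                         RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                    DateTimeOffset.UtcNow.AddDays(30));
    }

    // Hypothetical stand-in for the client's decision (a real SDK performs more checks).
    // trustedThumbprints models the contents of the trusted certificates folder.
    static bool Accept(X509Certificate2 presented, ISet<string> trustedThumbprints,
                       bool autoAccept)
    {
        if (trustedThumbprints.Contains(presented.Thumbprint))
            return true;      // certificate was placed in the trust list by an operator
        return autoAccept;    // untrusted: accepted only when the debug setting is on
    }

    static void Main()
    {
        using var plc = SelfSigned("CN=S7-1200 OPC UA Server");    // genuine server (assumed name)
        using var other = SelfSigned("CN=S7-1200 OPC UA Server");  // same name, different key

        var trusted = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { plc.Thumbprint };

        Console.WriteLine($"Subjects identical:    {plc.Subject == other.Subject}");
        Console.WriteLine($"Thumbprints identical: {plc.Thumbprint == other.Thumbprint}");

        foreach (var autoAccept in new[] { true, false })
        {
            Console.WriteLine($"AutoAcceptUntrustedCertificates={autoAccept}");
            Console.WriteLine($"  genuine certificate accepted:   {Accept(plc, trusted, autoAccept)}");
            Console.WriteLine($"  same-name certificate accepted: {Accept(other, trusted, autoAccept)}");
        }
    }
}
```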