Certificate-Authentication on server is possible with random private keys

[kabel-knrd]

Hello everyone,

I want to create a server that provides the feature to authenticate via a x509 certificate. During the setup I followed or used the example server https://github.com/FreeOpcUa/opcua-asyncio/blob/master/examples/server-with-encryption.py. As a client I am using UA Expert.

During testing I found out that it's possible to login to the server by providing any private key with the stored certificate.
The successful login is limited only by providing the correct certificate, but not by providing the correct certificate and the coresponding private key as it should be.
Referring to the given example, the login is possible with the certificate peer-certificate-example-1.der and e.g. the private key peer-private-key-example-3.pem.

Did I miss a configuration step during the server setup or did I overlook some other critical point?

Thanks for any help!

[aeidenberg]

Hello everyone and kabel-knrd,
I just noticed the same behaviour with the example server and UA Expert as client, using my generated certificates. Did you find out what is causing this? Like you said, did I overlook some critical point or miss a configuration step?

Thanks,
Achim