Short story: Fixed with this commit
Long story: I can access Node OPCUA server from Python opc-client, Prosys OPCUA Explorer, and UaExpert but not from RS OPCUA driver with BadIdentityTokenInvalid error. I decided to compile Reference Client from OPCFoundation (with same branch as use by KpOpcUa, with hard coded certificate check domain disabled) and voila… I can access Node OPCUA server. So, my above change based on what I have found in OPCFoundation example codes.