The client application does not have a certificate assigned.

VilleK
Jr. Member
Posts: 3
Joined: 03 Jun 2015, 14:07

Post by VilleK »

Hello,

I'm trying to create a simple read client with certificate and username authentication. The client works like a charm as long as there is no certificate involved. As soon as I add UaClient.SecuritySelection.BestAvailable, I get the error "no Certificate assigned".

Sorry for the VB...

Code:

            Dim usSession As UaClient.Session = New UaClient.Session
            usSession.UseDnsNameAndPortFromDiscoveryUrl = False
            usSession.UserIdentity = New UaClient.UserIdentity
         
            Dim store As UaBase.ICertificateStore = UaBase.SecurityUtils.CreateStore("LocalMachine\TrustedPeople")

            Dim thumb As String
            thumb = "03E2EF314668E41C12E150933F81F9585FC01AA3"
        
            Dim cert As UaBase.ICertificate
            cert = store.Find(thumb, True)

            usSession.UserIdentity.Certificate = cert
            usSession.UserIdentity.IdentityType = UaClient.UserIdentityType.Certificate
           
            'debug that we have actually loaded a certificate
            MsgBox(usSession.UserIdentity.Certificate.IssuerName.ToString)

            usSession.UserIdentity.UserName = "Username"
            usSession.UserIdentity.Password = "Password"

            usSession.Connect("opc.tcp://127.0.0.1:48030", UaClient.SecuritySelection.BestAvailable)

I can see that the proper certificate is assigned. If I don't put BestAvailable as the setting, I can actually see the certificate being used on the demo server. The client server requires security, so I need to get it working.

Here is the output log
10:01:44.749|0010|00|0|***VALID***UaSdkNetClient-2.3.3-Win32-Binary - ClientSDK enabled -
10:01:44.758|0010|01|4|DEBUGGER DETECTED: Adding TraceConsoleListener.
10:01:44.775|0010|00|0|***VALID***UaSdkNetClient-2.3.3-Win32-Binary - ClientSDK enabled -
10:01:44.779|0010|01|2|Generated default application settings.
10:01:44.784|0010|01|4|Processing Command Line: {OPCUA-tester.vshost.exe}
10:01:44.815|0010|01|2|No application certificate available. SubjectName=OPCUA-tester@localhost, StorePath=%CommonApplicationData%\UnifiedAutomation\CertificateStores\PrivateKeys
The thread '<No Name>' (0x3554) has exited with code 0 (0x0).
10:01:46.893|0010|02|0|MODULE LOADED [2] UnifiedAutomation.Client
10:01:46.899|0010|02|4|STATUS CHANGED: Connecting
10:01:48.034|0014|02|1|[BadTcpInternalError] Error during OnGetEndpointsComplete.|StatusException|An unexpected error occurred while connecting to the server.
A first chance exception of type 'UnifiedAutomation.UaBase.StatusException' occurred in UnifiedAutomation.UaBase.dll
10:01:48.063|0010|02|1|[BadTcpInternalError] Error during EndConnect.|StatusException|An unexpected error occurred while connecting to the server.
10:01:48.066|0010|02|4|STATUS CHANGED: Disconnected
A first chance exception of type 'UnifiedAutomation.UaBase.StatusException' occurred in UnifiedAutomation.UaClient.dll
The program '[14256] OPCUA-tester.vshost.exe: Managed (v4.0.30319)' has exited with code 0 (0x0).

Do I need to create some extra certificate for the application with SubjectName=OPCUA-tester@localhost?

VilleK
Jr. Member
Posts: 3
Joined: 03 Jun 2015, 14:07

Post by VilleK »

I failed to add the application certificate, but you can set the certificate manually to session settings before connecting.

Code:

            usSession.Application.ApplicationCertificate = cert
            usSession.Application.ApplicationUri = "urn:SDKINTEG01:UnifiedAutomation:UaExpert@SDKINTEG01"

So I was able to reuse the UaExpert certificate that was already accepted by the client side.
I think it might also work if you add the certificate to the default path too: C:\ProgramData\unifiedautomation\CertificateStores.

Support Team
Hero Member
Posts: 3072
Joined: 18 Mar 2011, 15:09

Post by Support Team »

Hello,

Each OPC UA Application should have its own unique certificate assigned. You should not reuse certificates of other applications. The data of the SDK will not match the settings of your application.
You should configure your application settings (e.g. app.config) and start your application with the argument "/install" one time. This way you can create your own certificate.

Best regards
Support Team

VilleK
Jr. Member
Posts: 3
Joined: 03 Jun 2015, 14:07

Post by VilleK »

This is not very ideal if we have to make the client side accept our certificate every time we deploy a new install.

Support Team
Hero Member
Posts: 3072
Joined: 18 Mar 2011, 15:09

Post by Support Team »

Hello,

Starting the application with '/install' will only create an ApplicationInstance certificate if a valid one does NOT exist. If you provide a new version of your client and call '/install', the client can reuse the certificate of the old installation.
Please see InstallationSettings: GenerateCertificateIfNone and DeleteCertificateOnUninstall.

Best regards
Support Team
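
Added example, not part of the original thread and not Unified Automation SDK code: OPC UA expects an application instance certificate to carry the application's own ApplicationUri as a URI entry in its subjectAltName, which is why a certificate borrowed from another application only fits when that application's ApplicationUri is borrowed too. The VB.NET code below uses plain .NET 5+ APIs to create a certificate for one application and check it against an ApplicationUri; the subject, the URIs and the helper names are constructed for illustration.

```vb
' Added example (not Unified Automation SDK code). Targets .NET 5 or later.
Imports System
Imports System.Collections.Generic
Imports System.Formats.Asn1
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module AppCertCheck
    ' Collect the URI entries (GeneralName tag [6]) of the subjectAltName extension.
    Function GetSanUris(cert As X509Certificate2) As List(Of String)
        Dim uris As New List(Of String)
        Dim ext As X509Extension = cert.Extensions("2.5.29.17")
        If ext Is Nothing Then Return uris
        Dim names As AsnReader = New AsnReader(ext.RawData, AsnEncodingRules.DER).ReadSequence()
        While names.HasData
            Dim tag As Asn1Tag = names.PeekTag()
            If tag.TagClass = TagClass.ContextSpecific AndAlso tag.TagValue = 6 Then
                uris.Add(names.ReadCharacterString(UniversalTagNumber.IA5String, tag))
            Else
                names.ReadEncodedValue() ' skip DNS names, IP addresses, ...
            End If
        End While
        Return uris
    End Function

    ' A certificate is usable as this application's instance certificate only if
    ' it has a private key and names the application's own ApplicationUri.
    Function IsUsableFor(cert As X509Certificate2, applicationUri As String) As Boolean
        Return cert.HasPrivateKey AndAlso GetSanUris(cert).Contains(applicationUri)
    End Function

    ' Self-signed certificate for one application (constructed sample values).
    Function CreateAppCertificate(subject As String, applicationUri As String) As X509Certificate2
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Dim san As New SubjectAlternativeNameBuilder()
            san.AddUri(New Uri(applicationUri))
            san.AddDnsName("localhost")
            req.CertificateExtensions.Add(san.Build())
            Return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1))
        End Using
    End Function

    Sub Main()
        Dim cert = CreateAppCertificate("CN=OPCUA-tester@localhost", "urn:localhost:Example:OPCUA-tester")
        Console.WriteLine(IsUsableFor(cert, "urn:localhost:Example:OPCUA-tester")) ' own URI
        Console.WriteLine(IsUsableFor(cert, "urn:localhost:Example:OtherClient"))  ' another application's URI
    End Sub
End Module
```

Running the same check on a certificate loaded from a Windows store by thumbprint shows, before connecting, whether it has a private key and which ApplicationUri it was issued for.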
