Login  •  Register


[Error] Certificate Register  Topic is solved

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

[Error] Certificate Register

Postby Americium » 07 Feb 2019, 17:35

Hi,

I'm a french student and i have to create a client/server for my studies !

I created my client. (I took the UaclClient) - (For my server i took the UaclServer - I havent change its main)
I'm trying to connect my client to the server with a security certificate.
I can create my certificate. (it's an untrusted certificate).
I add my certs to my UserIdentity :
(From my main)
Code: Select all
obj.SessionHandle.Session.UserIdentity.Certificate = mycerts;

And modify the type of connection :
(From RemoteObject.cs)
Code: Select all
session.Connect(session.SessionUri.Uri.AbsoluteUri, SecuritySelection.BestAvailable);

I configured my server like this :
(From InternalServer.cs)
Code: Select all
new SecurityProfile {ProfileUri = SecurityProfiles.Basic256, Enabled = true},
new SecurityProfile {ProfileUri = SecurityProfiles.Basic128Rsa15, Enabled = false},
new SecurityProfile {ProfileUri = SecurityProfiles.None, Enabled = false}

Code: Select all
application.AutoCreateCertificate = true;


When i try to connect, I have this error :
The client application does not have a certificate assigned.
So, i try with the debug mode and before the error i look at the object UserIdentity and the variable isnt null.

I don't know if the problem comes from adding of the certificate in the UserIdentity.
This is the right space to present the certificate ?
Or if the problem comes from my creation of the certs.

Thanks you for your reading and help.


Sincerely,
Americium.
Americium
Newbie
Newbie
 
Posts: 5
Joined: 07 Feb 2019, 17:01

Re: [Error] Certificate Register

Postby Support Team » 08 Feb 2019, 07:24

Hello,

You should not add a certificate to the UserIdentity. Using certificates for users is not supported fully at server side with the current version of the sdk.

But you need to have an ApplicationInstance certificate. Please make sure that a certificate is configured and that the Opc.Ua.CertificateGenerator.exe is locatet at the correct folder (next to the application).
Best regards
Unified Automation Support Team
User avatar
Support Team
Hero Member
Hero Member
 
Posts: 2407
Joined: 18 Mar 2011, 15:09

Re: [Error] Certificate Register

Postby Americium » 08 Feb 2019, 11:28

Hi,

Thank you for your prompt response.

You solve my problem.
Now i have this error :
"The certificate is not trusted"
It's normally when i look at it, it's untrusted.
To solve this, i saw that it's possible to self-certifye for the session.
Step 2: Prompt the User to Trust the Certificate

So, i add this code :
Code: Select all
obj.SessionHandle.Session.Application.ApplicationCertificate = mycerts;
obj.SessionHandle.Session.Application.TrustedStore.Add(mycerts, true, false);

The certificate is moved to the trusted list.
A comment indicates that this part can simply move the certificate.
Code: Select all
// note that this code does not to enable 'temporary trust'.

So, to trust it, i have to use a certificate authority or i can trust its with another function ?
(When i speak about "Trust" it's the certificate who it's not trusted, my application have the certificate in its trust list)

Thank you for your help and your time.

Sincerely,
Americium.
Americium
Newbie
Newbie
 
Posts: 5
Joined: 07 Feb 2019, 17:01

Re: [Error] Certificate Register

Postby Support Team » 08 Feb 2019, 15:39

Hello,

There are two ways of trusting a certificate.
[*] You can move the file from the rejected store to the trusted store manually.
[*] You can implement the EventHandler UntrustedCertificate. You can set the Accept property in UntrustedCertificateEventArgs to 'true' to accecpt the certificate.
Best regards
Unified Automation Support Team
User avatar
Support Team
Hero Member
Hero Member
 
Posts: 2407
Joined: 18 Mar 2011, 15:09

Re: [Error] Certificate Register

Postby Americium » 13 Feb 2019, 15:04

Thank you again for your answer.
Sorry to reply late.
I modified the event Handler and I accept this famous certs.
Now, the certs were accepted by the client.

I started to develop the server, so i start with the same file "app.config".
My server is runing and i have my endpoint.
When i try to connect my client, i receive this error from the server :
UnifiedAutomation.UaBase.StatusException: Error received from remote host: [BadSecurityChecksFailed]
I have the same config with my client and my server :
Code: Select all
<UserIdentity>
  <EnableCertificate>true</EnableCertificate>
</UserIdentity>

<SecurityProfiles>
  <SecurityProfile>
    <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ProfileUri>
    <Enabled>true</Enabled>
  </SecurityProfile>
</SecurityProfiles>

In your Demo and Tutorial for server developpement i have seen only the connection with Anonyme or Username Identity Token.

Above the UserIdentity, i have this comment :
Code: Select all
Authentication with certificate is not fully implemented.

The authentication with certificate is disable for a demo licence ?
The authentication with certificate is fully disable ?

Thank you for your help and your time.

Sincerely,
Americium
Americium
Newbie
Newbie
 
Posts: 5
Joined: 07 Feb 2019, 17:01

Re: [Error] Certificate Register  Topic is solved

Postby Americium » 15 Feb 2019, 09:54

Hi,

I solve the problem with the DemoUaServer.
It was a problem from my ApplicationUri in my certificat and my endpoint (UserIdentityToken - Server).

Thank you for your help and your time !
Americium
Newbie
Newbie
 
Posts: 5
Joined: 07 Feb 2019, 17:01


Return to .NET based OPC UA SDK

Who is online

Users browsing this forum: No registered users and 1 guest