I'm attempting to set up a simple security certificate validation between a server and client on the same pc that allows for certification checking both ways (the client won't connect until validating the server and visa versa). I've used the OPC Foundation UA Configuration Tool to create a certificate for my server, and verified that the .der file is in the own/cert directory of its certificate store and the .pfx file is in the own/private directory. I've edited the App.config file of my server so that the only security policy is SecurityPolicy#Basic256Sha256:
Code: Select all
<SecurityProfiles>
<SecurityProfile>
<ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ProfileUri>
<Enabled>true</Enabled>
</SecurityProfile>
</SecurityProfiles>
I'm trying to connect with UaExpert to this server. I've used the Configuration Tool to tell the server to trust the UaExpert application, and have verified that UaExpert's .der file appears in the trusted/cert directory of the server's certificate store.
When I open UaExpert and define a server, I set the enbpoint url to the right address/port, set the Security Policy to Basic256Sha256 and the Message Security Mode to Sign & Encrypt, and then under Authentication Settings I set the Certificate and Private to Key to the correct .der and .pfx files for the UaExpert. When I try to connect, it's unable and it prints out the error:
[uastack] OpcUa_SecureConnection_OnNotify: Connect event: ERROR 0x80050000!
[uastack] OpcUa_SecureConnection_OnNotify: Connect event: Notifying owner! 0x80050000
Could not connect to server: BadCommunicationError
On the other hand, if I compile the server so that it uses the SecurityPolicy#None policy instead, UaExpert asks me if it should trust the server, and when I say yes, it connects. I'm able to verify after this that the the server's .der has been copied to UaExpert's trusted list.
I need to be able to have the security check both ways, however, so I need to get past the BadCommunicataionError. Any suggestions?
Thanks in advance!