LDS / Configuration Tool / Client-Server Connection

Unified Architecture topics related to OPC UA Specification, compliant behavior and any technical issues of OPC UA, like Security, Information Model, Companion Specs DI, PLCopen, ADI, ...

Moderator: Support Team

Post Reply
tooLate
Sr. Member
Sr. Member
Posts: 10
Joined: 10 Jun 2013, 15:09

LDS / Configuration Tool / Client-Server Connection

Post by tooLate »

I am not sure if my question is right for this section.

I have the problem establishing a secure connection with UA Expert to my Server build with the .NET SDK or the UA .NET SDK Demo Server.

I think the problem lies with the application instance certificates. So I have several questions:

1. Were can I get the OPC UA Configuration Tool ?
If I download the OPC UA LDS package from OPC Foundation it only contains the Certifcate Generator.
Does it come with any of your SDKs ? Because I can not find it and the Redistributable package from the OPC Foundation is for members only.

It comes with the SDK from Softing in Version 1.1 but I dont want to install their SDKs just for the Configuration Tool.

2. Does a basic Demo Server build with your SDK create a certificate without the install option ?
I ask because the install paremeter works with the UA .NET Demo Server of yours but I not with my Server and I could not find any application instance
certificate in the usual places after running my server without the install parameter.

For information, it is just a early basic implementation like the lesson 3 server from the .NET SDK Doku.

A problem was that even if several endpoints were defined in the app.config file like:

opc.tcp://localhost:48666/ [SignAndEncrypt:Basic256:Binary]: Status = Good

opc.tcp://localhost:48666/ [SignAndEncrypt:Basic128Rsa15:Binary]: Status = Good

opc.tcp://localhost:48666/ [None:None:Binary]: Status = Good

the console output showed me only the unsecure one. Only after trying to somehow creating a certificate, my server
suddenly showed all three endpoints, so I guess it has something to do with the application instance certificates being able to use secure endpoints.

3. When I experiment with secure connections between UA Expert and the UA .NET Demo Server I still have problems.
Even when I think that I have all the needed application instance certificates in the right trusted lists and UA tells me that the
certificate is valid, it warns me that the URI in the certificate does not match the Application URI of the server.

Even when I say ok the connection can not be established:

15:54:12.181 | Server Node | Server Prototype - B... | Connecting failed with error 'BadConnectionClosed'
15:54:12.133 | Server Node | Server Prototype - B... | User forced to continue the connection to a possible unsecure server.
15:53:28.137 | Server Node | Server Prototype - B... | The server returned a valid certificate.
15:53:26.501 | Server Node | Server Prototype - B... | The certificate is self-signed, and is not found in the list of trusted certificates.

I know the information is vague but maybe you can give me some general information how this works or what could be missing
and information about if it is possible to get the OPC UA configuration tool or if I dont need it.

thank you

best regards

tooLate
Sr. Member
Sr. Member
Posts: 10
Joined: 10 Jun 2013, 15:09

Re: LDS / Configuration Tool / Client-Server Connection

Post by tooLate »

I can update the situation and clarify some points:

So I found out that the "BadConnectionClosed" error occured, because I had not copied the UA Expert Certificate into the UA Server trusted folder.

I also found out that the "URI is not matching" problem was due to the application configuration file which had a specific hostname written into it. It did not match the URI running the server on another PC.

And finally, using the /install parameter for the Server, the Certificate is generated correctly. The difference is that the Demo Server showed no output using this paremeter, while my Server started like usual and
showed the following error message:

Listening at the following endpoints:
ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

So most of my problems are solved

Post Reply