Cannot create an ApplicationIdentity object with my certificate

Questions regarding the use of the Java SDK for Server or Client development or integration into customer products ...

Lost+Found
Hero Member
Posts: 20
Joined: 07 Feb 2013, 11:01

Cannot create an ApplicationIdentity object with my certificate

Post by Lost+Found »

Hello,

I have the Java SDK (evaluation version) installed on Linux. The SampleConsoleServer runs fine out of the box. However, when I try modifying the SampleConsoleServer to use my own certificate I get an exception on instantiating an ApplicationIdentity object.

Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.asn1.DERUnknownTag cannot be cast to org.bouncycastle.asn1.ASN1Object
at org.bouncycastle.asn1.ASN1Object.fromByteArray(Unknown Source)
at org.bouncycastle.crypto.util.PrivateKeyFactory.createKey(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.decodeRSAPrivateKey(Unknown Source)
at org.opcfoundation.ua.transport.security.PrivKey.<init>(Unknown Source)
at org.opcfoundation.ua.transport.security.PrivKey.load(Unknown Source)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.<init>(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.<init>(Unknown Source)
at com.prosysopc.ua.samples.SampleConsoleServer.main(SampleConsoleServer.java:1061)


The application certificate was generated by my organisation's CA. The public key is a .cer file and the private key a .pem file. Any ideas/help much appreciated.

Cheers.

Support Team
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re:Cannot create an ApplicationIdentity object with my certi

Post by Support Team »

Hello Ben,

the Java stack does not read .pem files.
It can read .pfx files, so the private key should be stored as such.

Best regards
Unified Automation Support Team
Last edited by Support Team on 07 Feb 2013, 10:48, edited 1 time in total.

Lost+Found
Hero Member
Posts: 20
Joined: 07 Feb 2013, 11:01

Re:Cannot create an ApplicationIdentity object with my certificate

Post by Lost+Found »

Thanks for the info. I converted the certificate to pfx format and retried. The app successfully creates an ApplicationIdentity object using my generated certificate files; however, I subsequently get a NullPointerException on initialising the UaServer object:

* Prosys OPC UA Java SDK v1.2.0.2345
* (c) Prosys PMS Ltd.

* Running in EVALUATION mode
* Connections will close after 120 minutes

Instantiaing ApplicationIdentity with:
public [/user/bfarnham/work/opc-ua/generated_cern_ca_certs/newcert.cer]
private [/user/bfarnham/work/opc-ua/generated_cern_ca_certs/newcert.pfx]
Exception in thread "main" java.lang.NullPointerException
at com.prosysopc.ua.server.UaServer.init(Unknown Source)
at com.prosysopc.ua.samples.SampleConsoleServer.main(SampleConsoleServer.java:1092)


If the SampleConsoleServer uses certificates it generated itself then it starts up fine - I assume I am doing something wrong with the certificates.

Cheers

Support Team
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re:Cannot create an ApplicationIdentity object with my certi

Post by Support Team »

You should compare the information in your certificate with the information in the certificate generated by the server.

There are optional fields in the certificate required for OPC UA.

All OPC UA Applications require an application instance certificate which shall contain the following information:
  • The network name or address of the computer where the application runs;
  • The name of the organisation that administers or owns the application;
  • The name of the application;
  • The URI of the application instance;
  • The name of the certificate authority that issued the certificate;
  • The issue and expiry date for the certificate;
  • The public key issued to the application by the certificate authority (CA);
  • A digital signature created by the certificate authority (CA).
Best regards
Unified Automation Support Team
Last edited by Support Team on 07 Feb 2013, 10:48, edited 1 time in total.
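
The comparison suggested in the reply above can be done with the JDK alone. The following is an added example, not code from the SDK or from any poster in this thread: it loads a .cer file and reports which of the listed fields are missing. It assumes the usual OPC UA placement (application name in the subject CN, organisation in O, application instance URI and host name or address in subjectAltName); the class name CheckUaCertificate is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CheckUaCertificate {
    // GeneralName tags used by getSubjectAlternativeNames() (RFC 5280)
    private static final int DNS_NAME = 2, URI = 6, IP_ADDRESS = 7;

    /** Returns one message per missing field; an empty list means all checks passed. */
    static List<String> check(X509Certificate cert) throws Exception {
        List<String> problems = new ArrayList<>();
        Set<String> rdnTypes = new HashSet<>();
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            rdnTypes.add(rdn.getType().toUpperCase());
        if (!rdnTypes.contains("CN")) problems.add("subject has no CN (application name)");
        if (!rdnTypes.contains("O")) problems.add("subject has no O (organisation)");
        boolean hasUri = false, hasHost = false;
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                hasUri |= type == URI;
                hasHost |= type == DNS_NAME || type == IP_ADDRESS;
            }
        }
        if (!hasUri) problems.add("subjectAltName has no URI (application instance URI)");
        if (!hasHost) problems.add("subjectAltName has no DNS name or IP address");
        try {
            cert.checkValidity(); // issue and expiry dates against the current time
        } catch (CertificateException e) {
            problems.add("outside validity period: " + e.getMessage());
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) { // args[0]: path to the .cer file
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("Subject: " + cert.getSubjectX500Principal());
            System.out.println("Issuer:  " + cert.getIssuerX500Principal());
            for (String p : check(cert)) System.out.println("MISSING: " + p);
        }
    }
}
```

Running it once against the CA-issued certificate and once against the certificate the sample server generates shows which fields differ between the two.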

jaro
Jr. Member
Posts: 2
Joined: 20 Oct 2008, 14:41

Re:Cannot create an ApplicationIdentity object with my certificate

Post by jaro »

Version 1.3.0, released today, reads and writes the private key in .pem files by default. .pfx can be read as well - and written. .jks is supported as well.
