Issue when authenticating with certificates. "can't find X509IdentityToken in endpoint description"

Questions regarding the use of the UaExpert.

Moderator: uaexpert

Post Reply
victor.embacher
Jr. Member
Jr. Member
Posts: 2
Joined: 02 Mar 2022, 09:51

Issue when authenticating with certificates. "can't find X509IdentityToken in endpoint description"

Post by victor.embacher »

When connecting with UaExpert (Version:1.4.18 314 / 324c9019758bf5d541906845221499d0d87a80a4) to an open62541 server I get the follwing error(s):

Code: Select all

13:22:12.628 | Server Node        | open62541-based OPC UA Appl... | Endpoint: 'opc.tcp://localhost:4840/'
13:22:12.628 | Server Node        | open62541-based OPC UA Appl... | Security policy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
13:22:12.629 | Server Node        | open62541-based OPC UA Appl... | ApplicationUri: 'urn:open62541.server.application'
13:22:12.629 | Server Node        | open62541-based OPC UA Appl... | Used UserTokenType: Certificate
13:22:12.669 | General            |                                | Error: UaSessionPrivate::activateSession - can't find X509IdentityToken in endpoint description
13:22:12.669 | Server Node        | open62541-based OPC UA Appl... | Error 'BadConfigurationError' was returned during ActivateSession
13:22:12.669 | Server Node        | open62541-based OPC UA Appl... | Connection status of server 'open62541-based OPC UA Application' changed to 'Disconnected'.
All related files to reproduce this issue can be found in this GitHub gist: https://gist.github.com/vembacher/ea697b15cd718e0d156ab1070dd5e0c2
It contains the following:
  • a minimum working example (server code, build script, etc.)
  • UaExpert log (same as above)
  • the server log
The following issue of open62541 is related (https://github.com/open62541/open62541/issues/3239) however it is unclear to me if this is an issue with UaExpert or open62541.

Additionally, I have the issue that I cannot select certificate authentication and can only use this authentication method when selecting the 'Advanced' tab. I think this might be related.

Image

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Issue when authenticating with certificates. "can't find X509IdentityToken in endpoint description"

Post by Support Team »

Hi,

please understand that we do not bugfix nor analyse any OpenSource implementation. This forum is dedicated to commercial Unified Automation toolkits and runtime products. The best option you have is, go to our website and download the CppDemoServer (in the download section under the "UA Server"), and give it a try with the CppDemoServer. You should use that to gain experience with the Certificate-UserToken and how to handle it.

From my experience I just can tell that the Certificate-UserToken is not much used and not that many applications have implemented the support for it. Most applications use the "User/PWD" option.

I think the error description in UaExpert log file gives you arelady some very good hint where to start your investigation.
Best regards
Unified Automation Support Team

victor.embacher
Jr. Member
Jr. Member
Posts: 2
Joined: 02 Mar 2022, 09:51

Re: Issue when authenticating with certificates. "can't find X509IdentityToken in endpoint description"

Post by victor.embacher »

Thanks for the quick reply!
please understand that we do not bugfix nor analyse any OpenSource implementation. This forum is dedicated to commercial Unified Automation toolkits and runtime products. The best option you have is, go to our website and download the CppDemoServer (in the download section under the "UA Server"), and give it a try with the CppDemoServer. You should use that to gain experience with the Certificate-UserToken and how to handle it.
Oh, sorry for the 'off-topic' post then then, I'll keep that in mind in the future.
So I can assume this is not an issue of UaExpert? Or neither yes nor no?
Thanks for pointing me towards the CppDemoServer, I will investigate that!
From my experience I just can tell that the Certificate-UserToken is not much used and not that many applications have implemented the support for it. Most applications use the "User/PWD" option.
That's interesting to hear.

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Issue when authenticating with certificates. "can't find X509IdentityToken in endpoint description"

Post by Support Team »

Hi,

UaExpert (at least when using a somewhat new/latest version) is the reference UA Client used by several 100k users around the globe. I am not saying that UaExpert is free of any bugs, however when having issues in straight forward use cases, it is very likely that the error is on the server side, but not in UaExpert.

In you case it is either a configuration error in the server, or the feature is not supported in the server. The trace in UaExpert is quite clear about what is root cause of the issue.

All further support must be done with the open source community.
Best regards
Unified Automation Support Team

Post Reply