I am trying to connect to AVEVA Simci OPC UA server 1.3 based on their instruction. But when I setup the server and try to connect I get an error below
"
Connection status of server 'SimSci OPC UA Server 1.3' changed to 'Disconnected'.
Endpoint: 'opc.tcp://localhost:62551/simsci/SimUAServer1.3'
Security policy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15'
ApplicationUri: 'urn:localhost:simsci:SimOpcUAServer'
Used UserTokenType: Anonymous
Error 'BadConnectionClosed' was returned during OpenSecureChannel
Connection status of server 'SimSci OPC UA Server 1.3' changed to 'Disconnected'.
"
Can please let me what's the issue?
Problem with SimSci-Esscor OPC UA Server 1.3
Moderator: uaexpert
-
hasann@cruxocm.com
- Jr. Member
- Posts: 1
- Joined: 03 Dec 2023, 21:18
-
Support Team
- Hero Member
- Posts: 3072
- Joined: 18 Mar 2011, 15:09
Re: Problem with SimSci-Esscor OPC UA Server 1.3
Hi,
there might be multiple issues with the AVEVA UA Server.
1) the security policy "Basic128Rsa15" is old, outdated and was deprecated by the OPC Foundation.
2) this old security policy has used signature SHA1 which is also outdated and deprecated.
3) this old security policy has used key length of (only) 1024bit, whereas 2048bit (or 4096) is the default today.
4) in case of using very old OpenSSL there might be additional glitches.
The UaExpert allows the use of the old and outdated security policies, but will show "WARNING" on first contact with server using this old policy, and will "ASK" the user to accept the faulty/outdated policy. However the default certificate of the UaExpert itself, the clientside certificate, is (of course) created for the new/latest policies (using SHA256 and key length 2048bit), which maybe the AVEVA can not deal with (for secured connection you need to trust on both sides).
Hint: You must check on the server side why the Aveva UA Server is (actively) closing the connection. The detailed error description is not transferred over the wire, hence you must check with the Aveva to look into trace and error log on the server side.
there might be multiple issues with the AVEVA UA Server.
1) the security policy "Basic128Rsa15" is old, outdated and was deprecated by the OPC Foundation.
2) this old security policy has used signature SHA1 which is also outdated and deprecated.
3) this old security policy has used key length of (only) 1024bit, whereas 2048bit (or 4096) is the default today.
4) in case of using very old OpenSSL there might be additional glitches.
The UaExpert allows the use of the old and outdated security policies, but will show "WARNING" on first contact with server using this old policy, and will "ASK" the user to accept the faulty/outdated policy. However the default certificate of the UaExpert itself, the clientside certificate, is (of course) created for the new/latest policies (using SHA256 and key length 2048bit), which maybe the AVEVA can not deal with (for secured connection you need to trust on both sides).
Hint: You must check on the server side why the Aveva UA Server is (actively) closing the connection. The detailed error description is not transferred over the wire, hence you must check with the Aveva to look into trace and error log on the server side.
Best regards
Unified Automation Support Team
Unified Automation Support Team