Debugging Certificate Issues

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
JonLor
Hero Member
Hero Member
Posts: 48
Joined: 30 Jan 2014, 11:05

Debugging Certificate Issues

Post by JonLor »

Hello,

I have used the App.config from the client in GettingStarted_VS2010 for my test application to get started using certificates. I also have a OPC server which works fine to connect to when being run on the same machine as the client. Now I try to connect to the OPC UA server when running on a different machine on the network, then I get this error in the log file:

...
13:44:39.036|0015|02|1|[BadCertificateInvalid] Error during OnCreateSessionComplete.|StatusException|The certificate return in the CreateSession response does not match the certificate used to create the secure channel.
13:44:39.047|0015|02|1|[BadCertificateInvalid] Error during EndConnect.|StatusException|The certificate return in the CreateSession response does not match the certificate used to create the secure channel.
13:44:39.048|0015|02|4|STATUS CHANGED: Disconnected

Can you suggest how to debug this problem? My first guess was that the firewall caused problems, but reading the log implies that the client in fact connected (was able to get the certificate).

Best regards
Jonas

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Debugging Certificate Issues

Post by Support Team »

Hi Jonas,

You are getting a response so it is definitely not a firewall issue.

Did you develop the Server?
The error makes it sound like it is a Server configuration problem.

Best Regards,
Unified Automation Support Team

JonLor
Hero Member
Hero Member
Posts: 48
Joined: 30 Jan 2014, 11:05

Re: Debugging Certificate Issues

Post by JonLor »

Hi,

I have picked up this old problem again. I'm trying to connect to a OPC UA server (developed by us) on another machine. When using UA Expert it works fine to make the connect, but when connecting with our test application we run into what looks like certificate issues. This is an selection from the log:

10:30:35.016|0010|01|2|Generated default application settings.
10:30:35.017|0010|01|4|Processing Command Line: {C:\TFS-CGA\HMI\Applications\HmiDemonstrator\Trunk\delivery\Binaries\HmiDemonstrator.Wpf.vshost.exe}
10:30:35.050|0010|01|2|No application certificate available. SubjectName=HmiDemonstrator@localhost, StorePath=%CommonApplicationData%\UnifiedAutomation\CertificateStores\PrivateKeys
10:30:37.483|0010|02|0|MODULE LOADED [2] UnifiedAutomation.Client
10:30:37.487|0010|02|4|STATUS CHANGED: Connecting
10:30:37.608|0017|01|4|SECURE CHANNEL CREATED [TcpClientChannel UA-TCP 2.0.0.0] [ID=627605] Connected To: opc.tcp://192.168.0.3:48010/ [None/None/]
10:30:37.647|0018|01|4|TCPCLIENTCHANNEL SOCKET CLOSED: 000004D0, ChannelId=627605
10:30:37.669|0017|01|4|Selecting URL for DiscoveryUrl=opc.tcp://192.168.0.3:48010//UseSecurity=False/transportProfileUri=
10:30:37.688|0020|01|4|SECURE CHANNEL CREATED [TcpClientChannel UA-TCP 2.0.0.0] [ID=5891135] Connected To: opc.tcp://sevst-l-0007441:48010/ [None/None/]
10:30:37.721|0006|02|1|[BadCertificateInvalid] Error during OnCreateSessionComplete.|StatusException|The certificate return in the CreateSession response does not match the certificate used to create the secure channel.
'ABB.Cga.Hmi.HmiDemonstrator.Wpf.vshost.exe' (CLR v4.0.30319: HmiDemonstrator.Wpf.vshost.exe): Loaded 'C:\TFS-CGA\HMI\Applications\HmiDemonstrator\Trunk\delivery\Binaries\HmiDemonstrator.dll'. Symbols loaded.
10:30:37.776|0006|02|1|[BadCertificateInvalid] Error during EndConnect.|StatusException|The certificate return in the CreateSession response does not match the certificate used to create the secure channel.
10:30:37.777|0006|02|4|STATUS CHANGED: Disconnected

I can't find a way to debug this issue further. Is there a way of getting more information regarding the certificate configuration?

JonLor
Hero Member
Hero Member
Posts: 48
Joined: 30 Jan 2014, 11:05

Re: Debugging Certificate Issues

Post by JonLor »

I just figured it out, as you previously suggested it was a server configuration issue.

Thanks!

delian.jekov
Jr. Member
Jr. Member
Posts: 1
Joined: 08 Jan 2021, 16:58

Re: Debugging Certificate Issues

Post by delian.jekov »

Hi,

Could you please describe the issue you had in the server configuration and how you solved it. I'm now getting similar issue and the occurrences are sporadic.

Thanks!

Post Reply