Client certificate rejected w. 'BadSecurityChecksFailed'

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
thomas.koehrsen
Jr. Member
Jr. Member
Posts: 1
Joined: 16 Jan 2024, 11:17

Client certificate rejected w. 'BadSecurityChecksFailed'

Post by thomas.koehrsen »

Hi UA Forum.

Our implementation of the OPC UA Server is returning 'BadSecurityCheckFailed' towards a 3rd party OPC UA Client.

Is the client certificate 'Bad' and in what way?

Server log writes the following:

Code: Select all

2024-01-09 11:56:42.6881|0016|01|4|Opening connection '92cad990-bef3-49bd-9aff-35c429c34a34'
2024-01-09 11:56:42.6881|0091|01|4|Connection Hello received '92cad990-bef3-49bd-9aff-35c429c34a34'
2024-01-09 11:56:42.6881|0091|01|1|[BadSecurityChecksFailed] Error processing incoming message. SecureChannelId=0|StatusException|Input buffer needs to be a multiple of the key size.
2024-01-09 11:56:42.6881|0091|01|4|Closing connection '92cad990-bef3-49bd-9aff-35c429c34a34' SCID=0
Top
User avatar
Support Team
Hero Member
Hero Member
Posts: 3072
Joined: 18 Mar 2011, 15:09

Re: Client certificate rejected w. 'BadSecurityChecksFailed'

Post by Support Team »

Hi,

this is hard to say with such little information. The OpenSecureChannel is not working.
  • The third pary client is from which company?
  • Is that available for testing?
  • Have you been able to connect to any other server with this third party client?
  • Have you tested with UaExpert? Does it work when using UaExpert and doing similar scenario?
Our educated guess is, that the client is using the wrong (or no) security algorithm (or padding) for encryption, hence the cypher is of incorrect length, and rejected by the server.
Best regards
Unified Automation Support Team
Top
Post Reply

Return to “.NET based OPC UA SDK”