Unified Architecture topics related to OPC UA Specification, compliant behavior and any technical issues of OPC UA, like Security, Information Model, Companion Specs DI, PLCopen, ADI, ...



Post by »


I'm attempting to set up a simple security certificate validation between a server and client on the same PC that allows for certification checking both ways (the client won't connect until validating the server and vice versa). I've used the OPC Foundation UA Configuration Tool to create a certificate for my server, and verified that the .der file is in the own/cert directory of its certificate store and the .pfx file is in the own/private directory. I've edited the App.config file of my server so that the only security policy is SecurityPolicy#Basic256Sha256:

Code: Select all


I'm trying to connect with UaExpert to this server. I've used the Configuration Tool to tell the server to trust the UaExpert application, and have verified that UaExpert's .der file appears in the trusted/cert directory of the server's certificate store.

When I open UaExpert and define a server, I set the endpoint URL to the right address/port, set the Security Policy to Basic256Sha256 and the Message Security Mode to Sign & Encrypt, and then under Authentication Settings I set the Certificate and Private Key to the correct .der and .pfx files for the UaExpert. When I try to connect, it's unable and it prints out the error:

[uastack] OpcUa_SecureConnection_OnNotify: Connect event: ERROR 0x80050000!
[uastack] OpcUa_SecureConnection_OnNotify: Connect event: Notifying owner! 0x80050000
Could not connect to server: BadCommunicationError

On the other hand, if I compile the server so that it uses the SecurityPolicy#None policy instead, UaExpert asks me if it should trust the server, and when I say yes, it connects. I'm able to verify after this that the server's .der has been copied to UaExpert's trusted list.

I need to be able to have the security check both ways, however, so I need to get past the BadCommunicationError. Any suggestions?

Thanks in advance!


Re: BadCommunicationError

Post by Support Team »


You should not confuse Application Instance certificates with User certificates.
UaExpert creates its own self-signed certificate and private key on first start and uses this automatically when connecting using a secure policy.
There is no need to configure anything in authentication settings.
The Application Instance certificate is used to establish the secure channel.

Authentication settings are there for authenticating the user, which creates the session.
This can be done using Anonymous, Username/Password and X509 certificates (user certificates).

In both cases UaExpert expects certificates in DER format and private keys in PEM format.
pfx is not supported.

Please have a look at the documentation here: http://documentation.unified-automation ... nnect.html
which explains this in more detail.
Best regards
Unified Automation Support Team
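
As an added example (not part of the thread and not Unified Automation code), the Python check below tells DER, PEM and PKCS#12 (.pfx) files apart by their leading bytes, following the format requirements stated in the reply above. The function names and sample bytes are constructed for illustration, and the detection is a heuristic on the outer ASN.1 header, not a validation of the file.

```python
# Added example: classify a key/certificate file by its leading bytes.
# Heuristic only: it reads the outer ASN.1 header, it does not validate the file.

def _content_offset(buf, pos):
    """Offset of the content of the ASN.1 element whose tag byte is at pos."""
    first = buf[pos + 1]
    if first <= 0x80:                     # short form, or BER indefinite length (0x80)
        return pos + 2
    return pos + 2 + (first & 0x7F)       # long form: skip the length octets

def sniff(data):
    """Return 'pem-key', 'pem-cert', 'der-cert', 'der-key', 'pfx' or 'unknown'."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        label = text.split(b"-----", 2)[1]
        if label.endswith(b"PRIVATE KEY"):
            return "pem-key"
        return "pem-cert" if label == b"BEGIN CERTIFICATE" else "unknown"
    if len(data) < 2 or data[0] != 0x30:  # everything below is an ASN.1 SEQUENCE
        return "unknown"
    inner = _content_offset(data, 0)
    if inner + 3 > len(data):
        return "unknown"
    if data[inner] == 0x30:               # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return "der-cert"
    if data[inner] == 0x02 and data[inner + 1] == 1:   # one-byte INTEGER version
        return {3: "pfx", 0: "der-key"}.get(data[inner + 2], "unknown")
    return "unknown"

# What the support reply says UaExpert accepts for each role.
EXPECTED = {"certificate": "der-cert", "private_key": "pem-key"}

def check(role, data):
    """Return (ok, message) for a file intended for the given UaExpert role."""
    found = sniff(data)
    if found == EXPECTED[role]:
        return True, f"{role}: {found} is accepted"
    return False, f"{role}: found {found}, expected {EXPECTED[role]}"

# Constructed sample headers (not real key material), padded with zero bytes.
SAMPLE_DER_CERT = bytes.fromhex("3082010a3081f2") + bytes(16)
SAMPLE_PFX = bytes.fromhex("30820a00020103308209c6") + bytes(16)
SAMPLE_PEM_KEY = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for role, blob in [("certificate", SAMPLE_DER_CERT), ("private_key", SAMPLE_PEM_KEY),
                       ("private_key", SAMPLE_PFX)]:
        print(check(role, blob))
```

In practice, pass the bytes of the actual file, for example `check("private_key", open(path, "rb").read())`, where `path` is whatever file is about to be selected.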
