Certificate authorization

Questions regarding the use of the ANSI C SDK for Server or Client development or integration into customer products ...

Moderator: uasdkc

Post Reply
KarenSimonyan
Jr. Member
Jr. Member
Posts: 2
Joined: 26 Mar 2020, 16:47

Certificate authorization

Post by KarenSimonyan »

I'm making OPC UA client to make connection via self signed Certificate authorization.

I'm using ANSI C based OPC UA Client/Server SDK.

Code: Select all

        OpcUa_CertificateStoreConfiguration PKIConfig;
        OpcUa_Handle hCertificateStore = OpcUa_Null;
        OpcUa_MemSet(&PKIProvider, 0, sizeof(PKIProvider));
        OpcUa_CertificateStoreConfiguration_Initialize(&PKIConfig);
        pSession->UserToken.TokenType = OpcUa_UserTokenType_Certificate;
        OpcUa_ByteString_Initialize(&pSession->UserToken.Token.X509.UserCertificate);
        OpcUa_Key_Initialize(&pSession->UserToken.Token.X509.UserPrivateKey);
        PKIConfig.strPkiType = (char *) OPCUA_P_PKI_TYPE_OPENSSL;
        PKIConfig.strTrustedCertificateListLocation = config.certificatePath;
        uStatus = OpcUa_PKIProvider_Create(&PKIConfig, &PKIProvider);
        OpcUa_GotoErrorIfBad(uStatus);
        uStatus = PKIProvider.OpenCertificateStore(&PKIProvider, &hCertificateStore);
        OpcUa_GotoErrorIfBad(uStatus);
        uStatus = PKIProvider.LoadCertificate(&PKIProvider,
                                              config.certificatePath,
                                              hCertificateStore,
                                              &pSession->UserToken.Token.X509.UserCertificate);
        OpcUa_GotoErrorIfBad(uStatus);
        uStatus = PKIProvider.LoadPrivateKey(config.keyPath,
                                             OpcUa_Crypto_Encoding_PEM,
                                             OpcUa_Null,
                                             &pSession->UserToken.Token.X509.UserPrivateKey);
        pClientConfiguration->PkiConfig=PKIConfig;
        OpcUa_GotoErrorIfBad(uStatus);
        uStatus = PKIProvider.CloseCertificateStore(&PKIProvider, &hCertificateStore);
        OpcUa_GotoErrorIfBad(uStatus);
In the case of setting any endpoint security URI, I get a response:

Code: Select all

2020-03-25T16:06:25.229Z|W|16427740* UA Client: Connecting to opc.tcp://*******:48020 ...
2020-03-25T16:06:25.229Z|E|16427740* UaClient_Session_BeginConnect: no client certificate was configured
2020-03-25T16:06:25.229Z|E|16427740* <-- UaClient_Session_BeginConnect (0x80890000)

In the case of not setting any endpoint security URI, I get a response:

Code: Select all

2020-03-25T15:23:47.877Z|W|7553D740* OpcUa_SecureListener_ProcessSessionCallRequest: NonDiscovery Service requested through non secure channel.
2020-03-25T15:23:47.879Z|E|7553D740* OpcUa_SecureListener_ProcessRequest: Closing channel due error 0x80550000!
2020-03-25T15:23:47.880Z|W|7553D740* OpcUa_TcpListener_ReadEventHandler: Process Request returned an error (0x80550000)!
2020-03-25T15:23:47.884Z|W|7553D740* OpcUa_TcpListener_ReadEventHandler: Closing socket (0x00000000)!

User avatar
Support Team
Hero Member
Hero Member
Posts: 3057
Joined: 18 Mar 2011, 15:09

Re: Certificate authorization

Post by Support Team »

Hi,

please work yourself through the client side tutorial (lesson 4) as described in the documentation of the SDK.
https://documentation.unified-automation.com/uasdkc/1.9.2/html/clientgettingstarted4.html

This will give you a detailed insight on how to discover and create a secure connection.
Best regards
Unified Automation Support Team

Post Reply