Unable to connect server_sdk_tutorial using client_cpp_sdk

Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...

Moderator: uasdkcpp

Post Reply
farslan
Jr. Member
Jr. Member
Posts: 1
Joined: 23 Nov 2017, 19:07

Unable to connect server_sdk_tutorial using client_cpp_sdk

Post by farslan »

Hi,

I'm using C++ Based OPC UA Client/Server SDK v1.5.5.355.

I'm unable to make a secure connection using server_sdk_tutorial and client_cpp_sdk. I've tried all endpoints.
Log:

Code: Select all

****************************************************************
** Try to connect to selected server
-- Event connectError ---------------------------------
clientConnectionId 0 
Service Type Processing of Service ActivateSession 
Status BadIdentityTokenRejected
-------------------------------------------------------
** Error: UaSession::connect failed [ret=BadIdentityTokenRejected]
****************************************************************

------------------------------------------------------------
- Make sure the client certificate is in server trust list -
- Check rejected directory of server PKI store             -
------------------------------------------------------------
And this is how certificates are located:

Code: Select all

# find /usr/bin/pki*
/usr/bin/pkiclient
/usr/bin/pkiclient/issuers
/usr/bin/pkiclient/issuers/certs
/usr/bin/pkiclient/issuers/crl
/usr/bin/pkiclient/own
/usr/bin/pkiclient/own/private
/usr/bin/pkiclient/own/private/uaclientcpp.pem
/usr/bin/pkiclient/own/certs
/usr/bin/pkiclient/own/certs/uaclientcpp.der
/usr/bin/pkiclient/trusted
/usr/bin/pkiclient/trusted/certs
/usr/bin/pkiclient/trusted/certs/883DAE43219BB5CD4542391060A272817D68B3C6.der
/usr/bin/pkiclient/trusted/crl
/usr/bin/pkiserver
/usr/bin/pkiserver/issuers
/usr/bin/pkiserver/issuers/certs
/usr/bin/pkiserver/issuers/crl
/usr/bin/pkiserver/own
/usr/bin/pkiserver/own/private
/usr/bin/pkiserver/own/private/uaservercpp.pem
/usr/bin/pkiserver/own/certs
/usr/bin/pkiserver/own/certs/uaservercpp.der
/usr/bin/pkiserver/trusted
/usr/bin/pkiserver/trusted/certs
/usr/bin/pkiserver/trusted/certs/CB734AF6A19712AD085FDAE3402E3233897FA56E.der
/usr/bin/pkiserver/trusted/crl
/usr/bin/pkiserver/rejected
However, following same exact steps, I'm able to make secure connection to server (server_lesson04) using client_lesson04 as can be seen in log below.

Code: Select all

-------------------------------------------------------
- The following certificate is not trusted yet        -
-------------------------------------------------------
- CommonName              UaServerCpp@iot2000
- Issuer.commonName       UaServerCpp@iot2000
- Issuer.organization     Organization
- Issuer.organizationUnit Unit
- Issuer.state            
- Issuer.country          DE
- ValidFrom               2017-11-23T17:16:40.000Z
- ValidTo                 2022-11-22T17:16:40.000Z

'y' + Enter if you want to trust the certificate temporarily.
'p' + Enter if you want to trust the certificate permanently an copy the server certificate into the client trust list.
Enter if you don't want to trust the certificate.
p
Certificate was accepted permanently.

Connecting to opc.tcp://localhost:48010
Connect failed with status BadSecurityChecksFailed
********************************************************************************************
Connect with security failed. Make sure the client certificate is in the servers trust list.
********************************************************************************************

Press Enter to close

root@iot2000:~# client_lesson04 

Call FindServers on Url opc.tcp://localhost:48010

FindServers succeeded
** Application [0] **********************************************************
 ApplicationUri       urn:iot2000:UnifiedAutomation:UaServerCpp
 ApplicationName      UaServerCpp@iot2000
** DiscoveryUrl [opc.tcp://iot2000:48010] ***********************
** Endpoint[0] ***********************************************
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#None
 Security Mode    None
**************************************************************
** Endpoint[1] ***********************************************
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#Basic256
 Security Mode    Sign
**************************************************************
** Endpoint[2] ***********************************************
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#Basic256
 Security Mode    SignAndEncrypt
**************************************************************
** Endpoint[3] ***********************************************
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
 Security Mode    Sign
**************************************************************
** Endpoint[4] ***********************************************
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
 Security Mode    SignAndEncrypt
**************************************************************
************************************************************************
******************************************************************************

Press Enter to connect with security


Try to find secure Endpoint on: opc.tcp://localhost:48010
Endpoint with best security found:
 Endpoint URL     opc.tcp://iot2000:48010
 Security Policy  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
 Security Mode    SignAndEncrypt

Connecting to opc.tcp://localhost:48010
-------------------------------------------------------------
Connection status changed to Connected
-------------------------------------------------------------
Connect succeeded

Press Enter to read values


Reading ...
Read failed for item[0] with status BadNodeIdUnknown
Read failed for item[1] with status BadNodeIdUnknown
Value[2]: 60.49617
Read failed for item[3] with status BadNodeIdUnknown

Press Enter to write values
Kindly guide how to resolve this issue of not being able to connect with server_sdk_tutorial using client_cpp_sdk.


Thanks!
Fahad
Top
User avatar
Support Team
Hero Member
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re: Unable to connect server_sdk_tutorial using client_cpp_s

Post by Support Team »

Hello farslan,

BadIdentityTokenRejected indicates that the client is sending a user token that the server either does support or does not accept (e.g. wrong password).
In the bin directory where the client_cpp_sdk executable is located there is a ClientConfig.ini file. There you can specify a user context that is used in the client application. The default uses user john - which exists in the DemoServer.

Code: Select all

Username =john
Password =master
The server_sdk_tutorial does not implement any UserPassword tokens. You can easily change the ClientConfig.ini to disable user authentication by just leaving the setting empty.

Code: Select all

Username =
Password =
Best regards
Unified Automation Support Team
Top
Post Reply

Return to “C++ based OPC UA SDK”