How to load client certificate from file?

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

dragomir.mashov
Jr. Member
Posts: 2
Joined: 31 May 2018, 14:54

How to load client certificate from file?

Post by dragomir.mashov »

Hello,

I am working on a service application which connects to an OPC UA server and monitors items.
Currently I have an issue with making a secured connection to the server.

I downloaded the example Server and Client from http://www.unified-automation.com. Then I created a simple proof of concept (console) application to test the authentication. Everything seems to work with the credentials part and I was able to connect to the server with the provided demo user. However, in order to encrypt the connection, a certificate must be created on the client and it is then used to enable the security mode. The certificate is created automatically by the provided tool Opc.Ua.CertificateGenerator.exe. Once it is created, the connection automatically picks the best security mode (Encrypted + Sign in). The first time I try to connect after it is generated, it is always successful. The issue is that after I create the certificate I cannot then reuse it. Once the application is closed and reopened, I load the generated certificate, stored as a file on the computer. Unfortunately, when I try to connect, the connection always fails with the same message: “Could not send an Open Secure Channel request.” and there are no meaningful details regarding the cause of that error.

Here is the code where I create the ApplicationInstance and Session:

Code:

ApplicationInstance app = new ApplicationInstance();

app.UntrustedCertificate += new UntrustedCertificateEventHandler(Application_UntrustedCertificate);
app.AutoCreateCertificate = true;
app.MissingApplicationCertificate += new CreateCertificateEventHandler(Application_MissingApplicationCertificate);

m_session = new Session(app)
{
    UserIdentity = new UserIdentity(),
};

m_session.UserIdentity.IdentityType = UserIdentityType.UserName;
m_session.UserIdentity.UserName = "sue";
m_session.UserIdentity.Password = "curly";

m_session.Connect(serverUrl, SecuritySelection.BestAvailable);

and this is where I load the certificate:

Code:

private static void Application_MissingApplicationCertificate(object sender, CreateCertificateEventArgs e)
{
    string fileName = "C:\\ProgramData\\unifiedautomation\\CertificateStores\\PrivateKeys\\private\\OPCUAAuth2@VDI-022 [BD402F25E3D4158006BF622A26CE39964BC7F4F2].pfx";
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(fileName);
    ICertificate icert = SecurityUtils.LoadCertificate(cert);
    e.NewCertificate = icert;

    return;
}

Application_MissingApplicationCertificate is fired during the creation of the Session object, as expected.
It looks like I load the certificate, but the ApplicationInstance or Session object is missing something, which otherwise is provided when the certificate is created automatically.

Please help!

Regards,
Dragomir
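
A check that can be run on the stored .pfx independently of the SDK, as an added example (not part of the original post and not Unified Automation code): it uses only .NET base class library calls (.NET Framework 4.6 or later assumed) to confirm that the file opens, that the certificate is inside its validity period, and that a private key was loaded with it and can sign. `PfxCheck` and `Inspect` are hypothetical names, and reading the bracketed value in the file name as the SHA-1 thumbprint is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class PfxCheck
{
    // Hypothetical helper: returns the problems found; an empty list means the
    // file yielded a certificate with a private key that can actually sign.
    public static List<string> Inspect(string pfxPath, string password)
    {
        var problems = new List<string>();
        X509Certificate2 cert;
        try { cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.DefaultKeySet); }
        catch (CryptographicException ex)
        {
            problems.Add("PFX could not be opened (wrong password or format?): " + ex.Message);
            return problems;
        }
        // Assumption: the 40 hex digits in brackets in the file name are the SHA-1 thumbprint.
        Match m = Regex.Match(Path.GetFileName(pfxPath), @"\[([0-9A-Fa-f]{40})\]");
        if (m.Success && !string.Equals(m.Groups[1].Value, cert.Thumbprint, StringComparison.OrdinalIgnoreCase))
            problems.Add("Thumbprint in file name does not match certificate " + cert.Thumbprint);
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            problems.Add("Certificate is outside its validity period");
        if (!cert.HasPrivateKey)
        {
            problems.Add("No private key was loaded with the certificate");
            return problems;
        }
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) problems.Add("Private key is not an RSA key");
                else rsa.SignData(new byte[] { 1, 2, 3 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        catch (CryptographicException ex) { problems.Add("Private key cannot sign: " + ex.Message); }
        return problems;
    }

    static void Main(string[] args)
    {
        if (args.Length == 0) { Console.WriteLine("usage: PfxCheck <file.pfx> [password]"); return; }
        List<string> problems = Inspect(args[0], args.Length > 1 ? args[1] : null);
        foreach (string p in problems) Console.WriteLine("PROBLEM: " + p);
        Console.WriteLine(problems.Count == 0 ? "Certificate and private key look usable." : "Check failed.");
    }
}
```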
