Security Profiles not being configured

[acidiclustre]

Hi All,

I was trying to include the Basic security profiles (apart from 'None') into my UA Server Application, but somehow the steps mentioned in the UA SDK Documentation are not working for me. I started with the Lesson1 under Getting Started Server Project. However when I am trying to connect with the Server created by the Lesson1 project through the UA Expert Client, I do not see any other Security Profiles apart from 'None'. The Profiles are enabled in the Security Profiles Section of my App.config file, however for some reason the security profiles are not visible in UA Expert. It is pretty straight forward as far as I could understand but it is not working as expected. How can I make it work. The required section of my App.config looks like this (this is the default file in the Getting Started Server solution I haven't changed anything) :

Code: Select all

      <SecurityProfiles>
        <SecurityProfile>
          <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256</ProfileUri>
          <Enabled>true</Enabled>
        </SecurityProfile>
        <SecurityProfile>
          <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</ProfileUri>
          <Enabled>true</Enabled>
        </SecurityProfile>
        <SecurityProfile>
          <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#None</ProfileUri>
          <Enabled>true</Enabled>
        </SecurityProfile>
      </SecurityProfiles>

[acidiclustre]

Solved, there is a utility called Opc.Ua.CertificateGenerator.exe. This utility needs to be in the bin folder of the Server Application. Once this is placed in the correct folder, all the Security Profiles will be loaded and attached to the Server Endpoint.

[s.meadow]

Hi,

I have still the same problem.
The securitiy profilies are enabled in app.config. Looks the same like in the post above.

Adding the utility 'Opc.Ua.CertificateGenerator.exe' doesn't add the security profiles in the server.
I have added the utility in the same folder where the server application lies.

@acidiclustre which version of the sdk do you use? Could you remember if you have changed anything else?

Regards

[edwardcurtin]

make sure your doing the the /install command with the debug parameters

http://documentation.unified-automation ... tance.html.

If you forget to do it the certificate generator does not generate the certificate and you dont end up with the endpoints that you would expect even if you have the security profiles enabled. you can witness this by having a look at the trace logs on the server, have a look at server configuration.

Hope the above helps in some way and might provide you with a solution.

[s.meadow]

Thanks for your reply!

I am not sure if I get right but I don't start the server in command line.

I went through my server application, so I found out that the xml-schema is not found.

Configuration specific to the SDK or to applications built with the SDK can be added to the Extensions element defined by the SecuredApplication schema. This can be found in the folder "configurationschema".

Source: http://documentation.unified-automation ... chema.html

I have already added the folder to my VS Project and the build messages decreased to four messages:

Meldung 4 Die Schemainformationen für das Attribut 'sku' konnten nicht gefunden werden. app.config
Meldung 3 Die Schemainformationen für das Attribut 'version' konnten nicht gefunden werden. app.config
Meldung 2 Die Schemainformationen für das Element 'supportedRuntime' konnten nicht gefunden werden. app.config
Meldung 1 Die Schemainformationen für das Element 'UaApplicationConfiguration' konnten nicht gefunden werden. app.config

I assumed that the server generates the default configuration without the app.config but I changed the port of the base address and applicationname.
The endpoint had always the new portnumber in their endpoint description (that worked even without adding the .xsd-files) but applicationname didn't change and the only security profile was still 'None'.

Regards

[s.meadow]

Hey @edwardcurtin,

so it's nessecary to run the Server with /install command and with the debug parameters.

How exactly do I do this?

As it said in the documentation:

2.Run the executable as an Administrator with the ‘/install’ argument.

[edwardcurtin]

Right click on your project in the solution exploreer window in visual studio - you will then be presented with a popup menu select properties down the bottom
- go properties and then select the build events tab on the left of the screen and type /install

run the server once and you should fingers crossed end up with the endpoints and the security certificate having been created, i believe your current problem is your server does not have a security certificate so cant support secure endpoints.

[edwardcurtin]

@s.meadow just to mention as well - the server does not create a x509 certificate by default that is why the /install step exists, when creating my server i would often overlook this step to only be left with the none security profile - i hope my response helps in some way.

regards

ed

[edwardcurtin]

oh and also you have to run visual studio as admin and drop the certificate generator.exe into the bin folder of wherever your dlls end up

[s.meadow]

Hi @edwardcurtin,

Thanks alot for your helpful answers.

You were right. The certificates weren't create. I had to add the line

Code: Select all

ApplicationInstance.Default.AutoCreateCertificate = true;

that the certifcate was created.

best regards
sabrina

[edwardcurtin]

Hi @edwardcurtin,

Thanks alot for your helpful answers.

You were right. The certificates weren't create. I had to add the line

Code: Select all

ApplicationInstance.Default.AutoCreateCertificate = true;

that the certifcate was created.

best regards
sabrina

No worries glad I could point you in the right direction