How to use the setCertificateUserIdentity()?

Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...

Moderator: uasdkcpp

Post Reply
sunny
Sr. Member
Sr. Member
Posts: 19
Joined: 12 Feb 2015, 11:14

How to use the setCertificateUserIdentity()?

Post by sunny »

Hi Support team,

I want to create a connect to a UA Server with my client application running on the C++ Bundle 1.5.2 SDK.
But I wondered that how to set the UserTokenInfo:
1) I have successed with UserPasswordUserIdentity
2) AnonymousUserIdentity also successed
3) but failed with setCertificateUserIdentity. The error was BadIdentityTokenRejected.

About 3,
UA server: Demo server of C++ 1.5.2 SDK.
UA Client: when I used UaExpert to connect this server with CertificateUserIdentity, successed.
when I used my client application with CertificateUserIdentity, failed.
But I am sure that I put the client .der to server turstedlist and CertificateTrustListLocation([ConfigPath]/pkiuser/trusted/certs/).

About my client application,
I used SessionSecurityInfo::setCertificateUserIdentity to set certificate and private key to be sent to the Demo server.
I could not find the samples in lesson4 of SDK Client Samples.I wondered my programs have some wrony with this type.
Would you give me some samples source cord or ideas for the SessionSecurityInfo::setCertificateUserIdentity()?

Regards
sunny
Top
User avatar
Support Team
Hero Member
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re: How to use the setCertificateUserIdentity()?

Post by Support Team »

Hello sunny,

these are the steps to take:

1) load the user certifiate

Code: Select all

    UaPkiCertificate userCert = UaPkiCertificate::fromDERFile(m_sUserCertificateFilePath);
    if (userCert.isValid())
    {
        UaByteString userCertifiate = userCert.toDER();
    }
2) load the private key

Code: Select all

    UaStatus result;
    UaString sPrivateKeyFile("./pkiuser/own/private/user.pem");
    UaString sCertificateRevocationListLocation("./pkiuser");   // this path doesn't have any effect when loading the private key -it just needs to exist
    UaString sCertificateTrustListLocation("./pkiuser");        // this path doesn't have any effect when loading the private key -it just needs to exist
    UaString sPwd;
    UaByteString privateKey;

    UaPkiProviderOpenSSL pkiProvider(
        sCertificateRevocationListLocation,
        sCertificateTrustListLocation);
    result = pkiProvider.openCertificateStore();

    result = pkiProvider.loadPrivateKey(
        sPrivateKeyFile,
        OpcUa_Crypto_Encoding_PEM,
        sPwd,
        privateKey);
3) set the user certificate and private key on the using the method SessionSecurityInfo::setCertificateUserIdentity
Best regards
Unified Automation Support Team
Top
sunny
Sr. Member
Sr. Member
Posts: 19
Joined: 12 Feb 2015, 11:14

Re: How to use the setCertificateUserIdentity()?

Post by sunny »

Hi, support team

I got it.I will try again.
Thank you for the hint.

Best regards
Top
Post Reply

Return to “C++ based OPC UA SDK”