[Error] Certificate Register

[Americium]

Hi,

I'm a french student and i have to create a client/server for my studies !

I created my client. (I took the UaclClient) - (For my server i took the UaclServer - I havent change its main)
I'm trying to connect my client to the server with a security certificate.
I can create my certificate. (it's an untrusted certificate).
I add my certs to my UserIdentity :
(From my main)

Code: Select all

obj.SessionHandle.Session.UserIdentity.Certificate = mycerts;

And modify the type of connection :
(From RemoteObject.cs)

Code: Select all

session.Connect(session.SessionUri.Uri.AbsoluteUri, SecuritySelection.BestAvailable);

I configured my server like this :
(From InternalServer.cs)

Code: Select all

new SecurityProfile {ProfileUri = SecurityProfiles.Basic256, Enabled = true},
new SecurityProfile {ProfileUri = SecurityProfiles.Basic128Rsa15, Enabled = false},
new SecurityProfile {ProfileUri = SecurityProfiles.None, Enabled = false}

Code: Select all

application.AutoCreateCertificate = true;

When i try to connect, I have this error :
The client application does not have a certificate assigned.
So, i try with the debug mode and before the error i look at the object UserIdentity and the variable isnt null.

I don't know if the problem comes from adding of the certificate in the UserIdentity.
This is the right space to present the certificate ?
Or if the problem comes from my creation of the certs.

Thanks you for your reading and help.


Sincerely,
Americium.

[Support Team]

Hello,

You should not add a certificate to the UserIdentity. Using certificates for users is not supported fully at server side with the current version of the sdk.

But you need to have an ApplicationInstance certificate. Please make sure that a certificate is configured and that the Opc.Ua.CertificateGenerator.exe is locatet at the correct folder (next to the application).

[Americium]

Hi,

Thank you for your prompt response.

You solve my problem.
Now i have this error :
"The certificate is not trusted"
It's normally when i look at it, it's untrusted.
To solve this, i saw that it's possible to self-certifye for the session.

Step 2: Prompt the User to Trust the Certificate

So, i add this code :

Code: Select all

obj.SessionHandle.Session.Application.ApplicationCertificate = mycerts;
obj.SessionHandle.Session.Application.TrustedStore.Add(mycerts, true, false);

The certificate is moved to the trusted list.
A comment indicates that this part can simply move the certificate.

Code: Select all

// note that this code does not to enable 'temporary trust'.

So, to trust it, i have to use a certificate authority or i can trust its with another function ?
(When i speak about "Trust" it's the certificate who it's not trusted, my application have the certificate in its trust list)

Thank you for your help and your time.

Sincerely,
Americium.

[Support Team]

Hello,

There are two ways of trusting a certificate.
[*] You can move the file from the rejected store to the trusted store manually.
[*] You can implement the EventHandler UntrustedCertificate. You can set the Accept property in UntrustedCertificateEventArgs to 'true' to accecpt the certificate.

[Americium]

Thank you again for your answer.
Sorry to reply late.
I modified the event Handler and I accept this famous certs.
Now, the certs were accepted by the client.

I started to develop the server, so i start with the same file "app.config".
My server is runing and i have my endpoint.
When i try to connect my client, i receive this error from the server :
UnifiedAutomation.UaBase.StatusException: Error received from remote host: [BadSecurityChecksFailed]
I have the same config with my client and my server :

Code: Select all

<UserIdentity>
  <EnableCertificate>true</EnableCertificate>
</UserIdentity>

<SecurityProfiles>
  <SecurityProfile>
    <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ProfileUri>
    <Enabled>true</Enabled>
  </SecurityProfile>
</SecurityProfiles>

In your Demo and Tutorial for server developpement i have seen only the connection with Anonyme or Username Identity Token.

Above the UserIdentity, i have this comment :

Code: Select all

Authentication with certificate is not fully implemented.

The authentication with certificate is disable for a demo licence ?
The authentication with certificate is fully disable ?

Thank you for your help and your time.

Sincerely,
Americium

[Americium]

Hi,

I solve the problem with the DemoUaServer.
It was a problem from my ApplicationUri in my certificat and my endpoint (UserIdentityToken - Server).

Thank you for your help and your time !