I am working on a service application which connects to an OPC UA server and monitors items.
Currently I have an issue with making a secured connection to the server.
I downloaded the example Server and Client from http://www.unified-automation.com. Then I created a simple proof of concept (console) application to test the authentication. Everything seems to work with the credentials part and I was able to connect to the server with the provided demo user. However, in order to encrypt the connection, a certificate must be created on the client, and it is then used to enable the security mode. The certificate is created automatically by the provided tool Opc.Ua.CertificateGenerator.exe. Once it is created, the connection automatically picks the best security mode (Encrypted + Sign in). The first time I try to connect after it is generated, it is always successful. The issue is that after I create the certificate I cannot then reuse it. Once the application is closed and reopened, I load the generated certificate, stored as a file on the computer. Unfortunately, when I try to connect, the connection always fails with the same message: “Could not send an Open Secure Channel request.” and there are no meaningful details regarding the cause of that error.
Here is the code where I create the ApplicationInstance and Session:
Code:
    ApplicationInstance app = new ApplicationInstance();
    app.UntrustedCertificate += new UntrustedCertificateEventHandler(Application_UntrustedCertificate);
    app.AutoCreateCertificate = true;
    app.MissingApplicationCertificate += new CreateCertificateEventHandler(Application_MissingApplicationCertificate);
    m_session = new Session(app)
    {
        UserIdentity = new UserIdentity(),
    };
    m_session.UserIdentity.IdentityType = UserIdentityType.UserName;
    m_session.UserIdentity.UserName = "sue";
    m_session.UserIdentity.Password = "curly";
    m_session.Connect(serverUrl, SecuritySelection.BestAvailable);
Code:
    private static void Application_MissingApplicationCertificate(object sender, CreateCertificateEventArgs e)
    {
        string fileName = "C:\\ProgramData\\unifiedautomation\\CertificateStores\\PrivateKeys\\private\\OPCUAAuth2@VDI-022 [BD402F25E3D4158006BF622A26CE39964BC7F4F2].pfx";
        System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(fileName);
        ICertificate icert = SecurityUtils.LoadCertificate(cert);
        e.NewCertificate = icert;
        return;
    }
It looks like I load the certificate, but the ApplicationInstance or Session object is missing something, which otherwise is provided when the certificate is created automatically.
Please help!
Regards,
Dragomir