Hello,
I have the Java SDK (evaluation version) installed on Linux. The SampleConsoleServer runs fine out of the box. However, when I try modifying the SampleConsoleServer to use my own certificate I get an exception on instantiating an ApplicationIdentity object.
Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.asn1.DERUnknownTag cannot be cast to org.bouncycastle.asn1.ASN1Object
at org.bouncycastle.asn1.ASN1Object.fromByteArray(Unknown Source)
at org.bouncycastle.crypto.util.PrivateKeyFactory.createKey(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.decodeRSAPrivateKey(Unknown Source)
at org.opcfoundation.ua.transport.security.PrivKey.(Unknown Source)
at org.opcfoundation.ua.transport.security.PrivKey.load(Unknown Source)
at com.prosysopc.ua.SecureIdentity.a(Unknown Source)
at com.prosysopc.ua.SecureIdentity.(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.(Unknown Source)
at com.prosysopc.ua.samples.SampleConsoleServer.main(SampleConsoleServer.java:1061)
The application certificate was generated by my organisation's CA. The public key is a .cer file and the private key a .pem file. Any ideas/help much appreciated.
Cheers.
Cannot create an ApplicationIdentity object with my certificate
- Support Team
Re:Cannot create an ApplicationIdentity object with my certi
Hello Ben,
the Java stack does not read .pem files.
It can read .pfx files, so the private key should be stored as such.
Best regards
Unified Automation Support Team
Last edited by Support Team on 07 Feb 2013, 10:48, edited 1 time in total.
Re:Cannot create an ApplicationIdentity object with my certificate
Thanks for the info. I converted the certificate to pfx format and retried. The app successfully creates an ApplicationIdentity object using my generated certificate files; however, I subsequently get a NullPointerException on initialising the UaServer object:
* Prosys OPC UA Java SDK v1.2.0.2345
* (c) Prosys PMS Ltd.
* Running in EVALUATION mode
* Connections will close after 120 minutes
Instantiaing ApplicationIdentity with:
public [/user/bfarnham/work/opc-ua/generated_cern_ca_certs/newcert.cer]
private [/user/bfarnham/work/opc-ua/generated_cern_ca_certs/newcert.pfx]
Exception in thread "main" java.lang.NullPointerException
at com.prosysopc.ua.server.UaServer.init(Unknown Source)
at com.prosysopc.ua.samples.SampleConsoleServer.main(SampleConsoleServer.java:1092)
If the SampleConsoleServer uses certificates it generated itself then it starts up fine - I assume I am doing something wrong with the certificates.
Cheers
- Support Team
Re:Cannot create an ApplicationIdentity object with my certi
You should compare the information in your certificate with the information in the certificate generated by the server.
There are optional fields in the certificate required for OPC UA.
All OPC UA Applications require an application instance certificate which shall contain the following information:
- The network name or address of the computer where the application runs;
- The name of the organisation that administers or owns the application;
- The name of the application;
- The URI of the application instance;
- The name of the certificate authority that issued the certificate;
- The issue and expiry date for the certificate;
- The public key issued to the application by the certificate authority (CA);
- A digital signature created by the certificate authority (CA).
Unified Automation Support Team
Last edited by Support Team on 07 Feb 2013, 10:48, edited 1 time in total.
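One way to run the comparison suggested above, as an added example that is not part of the original posts or of the SDK: it uses only JDK classes to print the listed fields of a CA-issued certificate, check the subjectAltName extension (where OPC UA certificates carry the application URI and the host name or address), and confirm that the .pfx private key belongs to the certificate. The class name `OpcUaCertCheck` and the command-line arguments are hypothetical, and an RSA key is assumed.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;

/** Added example: checks a CA-issued certificate for the fields listed above. */
public class OpcUaCertCheck {
    public static void main(String[] args) throws Exception {
        // Hypothetical usage: java OpcUaCertCheck <cert.cer> <key.pfx> <pfx password>
        char[] pw = args[2].toCharArray();
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject : " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer  : " + cert.getIssuerX500Principal().getName());
        System.out.println("Validity: " + cert.getNotBefore() + " to " + cert.getNotAfter());
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // subjectAltName general-name types: 2 = dNSName, 6 = URI, 7 = iPAddress
        boolean hasUri = false, hasHost = false;
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            System.out.println("SAN type " + type + ": " + san.get(1));
            hasUri |= type == 6;
            hasHost |= type == 2 || type == 7;
        }
        System.out.println("Application URI present  : " + hasUri);
        System.out.println("Host name/address present: " + hasHost);

        // Confirm the PKCS#12 private key pairs with this certificate: sign, then verify.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, pw);
        }
        PrivateKey key = null;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) key = (PrivateKey) ks.getKey(alias, pw);
        }
        if (key == null) throw new IllegalStateException("no private key entry in " + args[1]);
        byte[] probe = "opc-ua key check".getBytes();
        Signature s = Signature.getInstance("SHA256withRSA"); // assumes an RSA key pair
        s.initSign(key); s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey()); s.update(probe);
        System.out.println("Private key matches cert : " + s.verify(sig));
    }
}
```

Running it against both the server-generated certificate and the CA-issued one shows which of the listed fields the CA-issued certificate lacks.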
Re:Cannot create an ApplicationIdentity object with my certificate
Version 1.3.0 released today, reads and writes the private key in .pem files by default. .pfx can be read as well - and written. .jks is supported as well.