SampleConsoleClient - Connection failed with sign and/or encrypt - Impossible to write
November 28, 2018
15:29, EEST
Americium
Member

Hi all!

I’m a French student and I have to work with the OPC UA protocol for my studies.

I have downloaded the demo source of OPC UA by Prosys.
For the moment I use the demo source. Afterwards I want to try to modify the source to do continuous acquisition.
I tried it, and I have no error when I don’t initiate certs for the client.
But I can only read some data from the server. When I try to write I have this error:
– “The access level does not allow writing to the Node.”
Edit: I found the solution to this problem. I will solve this problem. But how can I write external values? I want to write an integer to send it to the server.

And when I tried to initiate a secure communication with sign and/or encrypt, the connection failed.
I have this error:
– “Failed to create secure channel to server” – “An error occurred verifying security”
I have seen some topics with this problem. So, I moved the client certs from “PKI/CA/rejected” to server certs “PKI/CA/certs”.
The result is the same.

If you have any solution or tips, I’m available!

Thanks and have a nice day!

December 3, 2018
14:04, EEST
Teppo Uimonen
Moderator

Hi,

Sorry for a delayed answer! 🙂

This error message indicates that your SampleConsoleClient’s certificate is not correctly trusted by the Server. For example, if you’re connecting to SampleConsoleServer, make sure you have moved the SampleConsoleClient certificate found in directory \sampleconsoleserver\PKI\CA\rejected to directory \sampleconsoleserver\PKI\CA\certs. After this, you may still need to restart the SampleConsoleServer and connect with your Client again.

December 3, 2018
15:33, EEST
Americium
Member

Hi!

Thank you for your response and don’t worry about the delay!

I’m trying to do this :
– Start Server
– Start Client
– Create Certs (client)
– Try a connection – Failure (normally with your answer)
– Stop Server
– Move Certs
– Start Server
– Try a connection (With sign) – Fail Again

I get the same error : “Bad_SecurityChecksFailed” from ServiceResultException.

The server log :
12/03/2018 14:30:40.647 INFO [Blocking-Work-Executor-6] com.prosysopc.ua.server.SessionManager – Session closed: c1e0c927-52c7-45ab-8b1b-678197b4d1aa-5BF8FA12 (ID=ns=1;g=99b62ed4-0acd-41d9-951c-7b653fe6becb Token=i=1949816403 Channel=(SecureChannelId=69 State=Open URL=localhost:52520/OPCUA/SampleConsoleServer SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None RemoteAddress=/192.168.56.1:55105))

I have an Id for the secure channel and its state is open. But the connection fails.

December 3, 2018
16:32, EEST
Bjarne Boström
Moderator

Hi,

Step-by-step instructions.

0. For the context of this post, delete the PKI directories of both before starting (or unzip the SDK package to a clean folder).
1. Start the SampleConsoleServer, wait for it to start before continuing to 2.
2. Start the SampleConsoleClient, enter the URI or just press enter (by default it then tries to connect to sampleconsoleserver).
3. Select ‘s’ or ‘e’ in the security mode selection.
4. You will get a prompt in the client-side console, accept the cert permanently with ‘A’.
5. At this point the connection will fail, as the server side is not yet trusting the client side cert. Keep the client window open.
6. Navigate to sampleconsoleserver/PKI/CA/rejected, you should see a single file, and the name has characters 0-9A-F. If you open this in a certificate viewing tool, you should see the cert as the sampleconsoleclient’s. Move this to the sampleconsoleserver/PKI/CA/certs, so that the rejected folder is empty and the certs has the file. All this while the server is running.
7. Back in the client console, try connecting again by selecting ‘1’ (type 1 and press enter), it should now connect.
8+ Subsequent connections do not require these steps (as long as both have each other’s certificates in each other’s ‘certs’ directories).

NOTES! Sections 4 and 6 typically require some thought in a real use-case. Alternatively you can move the files directly from PKI/CA/private/*.der (not the .pem, as those are private keys and are private to the application in question) to the other’s ‘certs’. Note that if you do that after a cert is rejected (i.e. situation of 6. exists), it might exist in multiple places, in which case the connection might be rejected, even if one of them is in the ‘certs’. Please see the samples for more info, as this is the basic scenario.
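
An added example, not part of the original posts or the Prosys SDK: a read-only audit of a PKI/CA folder with the ‘certs’ and ‘rejected’ subfolders named in the steps above, flagging a certificate that sits in both folders, a private key copied into ‘certs’, and rejected certificates still awaiting an operator's decision. Comparing files by the SHA-256 of their bytes and all file names in the demo are assumptions; the demo data is constructed stand-in bytes, not real certificates.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """SHA-256 over the file's bytes, used only to tell identical files apart."""
    return hashlib.sha256(path.read_bytes()).hexdigest().upper()


def audit_trust_store(pki_ca):
    """Audit <app>/PKI/CA; returns (kind, file name, fingerprint) findings."""
    findings, trusted = [], set()
    for f in sorted((pki_ca / "certs").iterdir()):
        if b"PRIVATE KEY" in f.read_bytes():
            # A PEM private key must stay private to its own application.
            findings.append(("private-key-in-certs", f.name, None))
        else:
            trusted.add(fingerprint(f))
    for f in sorted((pki_ca / "rejected").iterdir()):
        fp = fingerprint(f)
        if fp in trusted:
            # Same certificate in both folders: the ambiguous state from the notes.
            findings.append(("trusted-and-rejected", f.name, fp))
        else:
            # Needs a human decision; compare fp with the peer's own .der first.
            findings.append(("pending-review", f.name, fp))
    return findings


def demo():
    """Build a constructed PKI/CA tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        ca = Path(tmp) / "PKI" / "CA"
        (ca / "certs").mkdir(parents=True)
        (ca / "rejected").mkdir()
        client = b"constructed stand-in for the client's DER bytes"
        other = b"constructed stand-in for an unknown application's DER bytes"
        (ca / "certs" / "client.der").write_bytes(client)
        (ca / "certs" / "client.pem").write_bytes(
            b"-----BEGIN PRIVATE KEY-----\nconstructed\n")
        (ca / "rejected" / "0A1B2C").write_bytes(client)
        (ca / "rejected" / "3D4E5F").write_bytes(other)
        return audit_trust_store(ca)


if __name__ == "__main__":
    for kind, name, fp in demo():
        print(f"{kind:22} {name:12} {fp or '-'}")
```

The script only reports; moving a file from ‘rejected’ to ‘certs’ stays a manual step taken after the fingerprint has been compared with the peer application's own .der file.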

December 3, 2018
17:57, EEST
Americium
Member

Hi!

Thank you for your prompt answer!

This problem is closed now! The problem was that I moved bad certs, I think.
I will try to auto-move certs if the cert comes from sampleconsoleclient.

About my second question:
– Is it possible to send data (random integer – Test) from a client to a server?
I have seen that the method “write” can just write the attributes of a node.
So, is it impossible to write other data? Or is it possible but I have to create a method?

Have a nice day.

December 3, 2018
18:09, EEST
Bjarne Boström
Moderator

Hi,

Please read the tutorials found in the ‘tutorial’ folder of the SDK package and see the samples.

December 3, 2018
18:45, EEST
Americium
Member

Hi!

I solved my problem!
I used the wrong definition of the “write” method.

I followed the “write” of the “Sample” class and not that of “UaClient”.

Sorry for this error and thanks!

Problem : Connection failed with sign and/or encrypt
Solve : Quote 4

Problem : Impossible to write
Solve : Quote 6

The subject is solved.

Forum Timezone: Europe/Helsinki
