Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
ApplicationIdentity - loadOrCreateCertificate
October 29, 2013
12:38, EET
Avatar
jakblu
Member
Members
Forum Posts: 7
Member Since:
September 19, 2013
sp_UserOfflineSmall Offline

Hey again everyone,

to generate a Certificate and Private Key for a secure communication i’m using the Code out of the SampleConsoleClient. In the concole Client everything working fine.

The code snippet:

final ApplicationIdentity identity = ApplicationIdentity
.loadOrCreateCertificate(
appDescription,
“Sample Organisation”,
“opcua”,
new File(validator.getBaseDir(),
“private”),
true
);

In my case: On the first call, the function gets executed and generates the Certificate and Private Key. So everything is ok. But if the function is called the second time, so the Certificate and Private Key already exists in File System, the following error eccurs:

com.prosysopc.ua.SecureIdentityException: Cannot load certificate
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at de.monkeyworks.movisa.server.connector.opcua.OpcUaClient.createApplicationIdentity(OpcUaClient.java:98)
at de.monkeyworks.movisa.server.connector.opcua.OpcUaClient.initialize(OpcUaClient.java:44)
at de.monkeyworks.movisa.server.test.connector.opcua.OpcUaServerTest.testConnect(OpcUaServerTest.java:54)

Caused by: java.security.cert.CertificateParsingException: java.io.IOException: URI name must include scheme:de.jakblu.client
at sun.security.x509.X509CertInfo.(X509CertInfo.java:171)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1788)
at sun.security.x509.X509CertImpl.(X509CertImpl.java:202)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at org.opcfoundation.ua.utils.CertificateUtils.readX509Certificate(Unknown Source)
at org.opcfoundation.ua.transport.security.Cert.load(Unknown Source)
at org.opcfoundation.ua.transport.security.Cert.load(Unknown Source)
… 31 more
Caused by: java.io.IOException: URI name must include scheme:de.jakblu.client
at sun.security.x509.URIName.(URIName.java:113)
at sun.security.x509.URIName.(URIName.java:96)
at sun.security.x509.GeneralName.(GeneralName.java:122)
at sun.security.x509.GeneralName.(GeneralName.java:76)
at sun.security.x509.GeneralNames.(GeneralNames.java:68)
at sun.security.x509.SubjectAlternativeNameExtension.(SubjectAlternativeNameExtension.java:141)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:112)
at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:88)
at sun.security.x509.CertificateExtensions.(CertificateExtensions.java:78)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:740)
at sun.security.x509.X509CertInfo.(X509CertInfo.java:169)
… 38 more

If I check the existence of files in the code manually i get a positive result. So, i do not no why the function can’t load the certificate.
Are there other things i must pay attention?

Regards,
Jakob

October 29, 2013
12:56, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Looks like your application URI is not a correct URI value. Instead of ‘de.jakblu.client’, use ‘urn:de.jakblu.client’ or something like that. The scheme part, e.g. “urn:”, is compulsory, but it looks like it is not validated when creating the certificate.

October 29, 2013
13:09, EET
Avatar
jakblu
Member
Members
Forum Posts: 7
Member Since:
September 19, 2013
sp_UserOfflineSmall Offline

Oh, that solves the problem for me.

Tanks for helping me again! Smile

October 29, 2013
13:52, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Note also that the ApplicationUri should be unique to every instance. So it’s good to put ‘localhost’ in it, which then gets replaced by the hostname of the computer the application is running.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
19 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 726

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7, franciscagrimwad, adult_gallery

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1