ApplicationIdentity - loadOrCreateCertificate
October 29, 2013, 12:38 EET
jakblu (Member)

Hey again everyone,

to generate a Certificate and Private Key for a secure communication I'm using the code out of the SampleConsoleClient. In the console client everything is working fine.

The code snippet:

    final ApplicationIdentity identity = ApplicationIdentity
            .loadOrCreateCertificate(
                    appDescription,
                    "Sample Organisation",
                    "opcua",
                    new File(validator.getBaseDir(), "private"),
                    true
            );

In my case: On the first call, the function gets executed and generates the Certificate and Private Key. So everything is ok. But if the function is called the second time, so the Certificate and Private Key already exist in the file system, the following error occurs:

    com.prosysopc.ua.SecureIdentityException: Cannot load certificate
        at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
        at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
        at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
        at de.monkeyworks.movisa.server.connector.opcua.OpcUaClient.createApplicationIdentity(OpcUaClient.java:98)
        at de.monkeyworks.movisa.server.connector.opcua.OpcUaClient.initialize(OpcUaClient.java:44)
        at de.monkeyworks.movisa.server.test.connector.opcua.OpcUaServerTest.testConnect(OpcUaServerTest.java:54)

    Caused by: java.security.cert.CertificateParsingException: java.io.IOException: URI name must include scheme:de.jakblu.client
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171)
        at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1788)
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:202)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
        at org.opcfoundation.ua.utils.CertificateUtils.readX509Certificate(Unknown Source)
        at org.opcfoundation.ua.transport.security.Cert.load(Unknown Source)
        at org.opcfoundation.ua.transport.security.Cert.load(Unknown Source)
        ... 31 more
    Caused by: java.io.IOException: URI name must include scheme:de.jakblu.client
        at sun.security.x509.URIName.<init>(URIName.java:113)
        at sun.security.x509.URIName.<init>(URIName.java:96)
        at sun.security.x509.GeneralName.<init>(GeneralName.java:122)
        at sun.security.x509.GeneralName.<init>(GeneralName.java:76)
        at sun.security.x509.GeneralNames.<init>(GeneralNames.java:68)
        at sun.security.x509.SubjectAlternativeNameExtension.<init>(SubjectAlternativeNameExtension.java:141)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
        at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:112)
        at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:88)
        at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:78)
        at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:740)
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
        ... 38 more

If I check the existence of the files in the code manually I get a positive result. So, I do not know why the function can't load the certificate.
Are there other things I must pay attention to?

Regards,
Jakob

October 29, 2013, 12:56 EET
Jouni Aro (Moderator)

Looks like your application URI is not a correct URI value. Instead of ‘de.jakblu.client’, use ‘urn:de.jakblu.client’ or something like that. The scheme part, e.g. “urn:”, is compulsory, but it looks like it is not validated when creating the certificate.

October 29, 2013, 13:09 EET
jakblu (Member)

Oh, that solves the problem for me.

Thanks for helping me again! :)

October 29, 2013, 13:52 EET
Jouni Aro (Moderator)

Note also that the ApplicationUri should be unique to every instance. So it's good to put 'localhost' in it, which then gets replaced by the hostname of the computer the application is running on.
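
A pre-flight check for the two points raised in the replies above, added here as an example; it is not code from the posts or from the Prosys SDK. The class `ApplicationUriCheck`, the method `check` and the 'localhost' heuristic are assumptions of this sketch, which uses only `java.net.URI` so that a scheme-less ApplicationUri is rejected before a certificate is generated from it.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical pre-flight check, not part of the Prosys SDK.
public class ApplicationUriCheck {

    // Returns findings for an ApplicationUri; an empty list means no problem was found.
    static List<String> check(String applicationUri) {
        List<String> findings = new ArrayList<>();
        if (applicationUri == null || applicationUri.isEmpty()) {
            findings.add("ERROR: ApplicationUri is empty");
            return findings;
        }
        try {
            URI uri = new URI(applicationUri);
            // Same condition the JDK reports when it parses the certificate:
            // "URI name must include scheme".
            if (uri.getScheme() == null) {
                findings.add("ERROR: no scheme, use e.g. urn:" + applicationUri);
            }
        } catch (URISyntaxException e) {
            findings.add("ERROR: not a valid URI: " + e.getReason());
        }
        // Assumption of this example: a per-instance URI carries the 'localhost'
        // placeholder mentioned in the thread.
        if (!applicationUri.contains("localhost")) {
            findings.add("NOTE: no 'localhost' placeholder, URI may not be unique per host");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first is the one from the stack trace.
        String[] samples = {
            "de.jakblu.client",
            "urn:de.jakblu.client",
            "urn:localhost:de.jakblu.client"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + check(s));
        }
    }
}
```

Calling such a check on the URI set in `appDescription` before `loadOrCreateCertificate` surfaces the problem at creation time instead of on the next load.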
