Log In
Register
Forum
Topic RSS
19:05, EEST
March 16, 2017
Offline
Hi,
I’ve a question regarding the ApplicationUri.
When taking a look at the sample console client there is the AppDescription which is setting the ApplicationUri
// *** Application Description is sent to the server
ApplicationDescription appDescription = new ApplicationDescription();
// ‘localhost’ (all lower case) in the ApplicationName and
// ApplicationURI is converted to the actual host name of the computer
// in which the application is run
appDescription.setApplicationName(new LocalizedText(APP_NAME + “@localhost”));
appDescription.setApplicationUri(“urn:localhost:OPCUA:” + APP_NAME);
appDescription.setProductUri(“urn:prosysopc.com:OPCUA:” + APP_NAME);
appDescription.setApplicationType(ApplicationType.Client);
But when using SecurityMode NONE, there is no practical need to create an application certificate.
What I’ve tried is to use appDescription.setApplicationUri(null) with SecurityMode NONE and I could connect to a server without problems.
So can I assume that when connecting to a server (with SecurityMode NONE), the ApplicationUri is not mandatory?
Thank you!
8:20, EEST
Moderators
February 11, 2020
Offline
Hello,
The OPC UA Specification (see https://reference.opcfoundatio…..docs/5.7.2) states for CreateSessionRequest that:
If the securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate.
The Application Instance Certificate of the Client is not mandatory when using SecuritPolicyUri None in CreateSessionRequest. This is why you can create a Session with an Application Instance Certificate without ApplicationUri. Note, that the certificate should contain the ApplicationUri in the SubjectAltName (see https://reference.opcfoundatio…..docs/6.2.2).
Is there any particular reason you would need to not set the ApplicationUri for the ApplicationDescription used to create the Application Instance Certificate?
9:43, EEST
March 16, 2017
Offline
Thank you for the information.
>Is there any particular reason you would need to not set the ApplicationUri for the ApplicationDescription used to create the Application Instance Certificate?
No really a specific reason.
We are connecting to OpcUa servers in an internal network with security NONE and just like to minimize the configuration for our clients.
So we want to use something like this:
ApplicationDescription appDescription = new ApplicationDescription();
appDescription.setApplicationName(new LocalizedText(Config.getClientName(), Locale.ENGLISH));
// appDescription.setApplicationUri(null); // not needed because of security mode NONE
appDescription.setProductUri(Config.getProductName());
appDescription.setApplicationType(ApplicationType.Client);
ApplicationIdentity applicationIdentity = new ApplicationIdentity();
applicationIdentity.setApplicationDescription(appDescription);
13:04, EEST
December 21, 2011
Offline
The ApplicationDescription is defined to let the OPC UA applications know about each other. ApplicationUri is the main part of the ApplicationDescriptions, since it defines a unique identifier for the application, and I would not recommend to leave it out. ApplicationName is meant for humans, but does not need to be unique.
ApplicationUri is added to the Application Instance Certificate to ensure that the certificate is attached to a single instance only and not copied and shared between different applications or the same application running in different computers.
We have used the convention to add the ‘hostname’ of the computer, in which the application is running, to both ApplicationName and ApplicationUri, to ensure their uniqueness. I am not quite sure why you wish to leave these to be configurable by the user, but ProductUri should identify your application product and should probably not be defined by the user of the application.
These are described in the Server Tutorial, for example.
The latest OPC UA Specifications define new rules for the URIs, but it does not quite match with the typical conventions of most applications in the market (which mostly use the “urn:” scheme for the ApplicationUri). They do give advice, though, how to define the ApplicationUri in case the OwnerOperator should be able to define it, using the ‘hostname’.
Instead of using Locale.ENGLISH, you could just use LocalizedText.NO_LOCALE (or not specifying it), but it’s not very important.
19:09, EEST
March 16, 2017
Offline
> I am not quite sure why you wish to leave these to be configurable by the user, but ProductUri should identify your application product and should probably not be defined by the user of the application.
This is because I’m the only user of the application (with several instances) to collect data from different equipments. And as I connect with security none, I thought about skipping the ApplicationUri as connection worked without it and I could’nt see it anywhere on the equipments servers session view.
1 Guest(s)
