10:27, EEST
October 21, 2014
I upgradede my JRE from 1.7 to 1.8 , since that I am getting unknown certification authority error. Then based on some previous discussions similar topic by cho21e in this forum, i deleted the certificates and keys in the PKI folder. On deleting the certificate files under “private” folder and recompiling, it gives following error
“
com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ……..
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source) ………
“
It was not giving such problems earlier! Is it due to java version from 1.7 to 1.8 (the latest)?
Should I download the 1.8 version of the PROSYS OPC SDK? I have requested for the down load. Kindly approve it if that is the cause of the error!
what to do?
regards
pramanj
10:52, EEST
April 3, 2012
Can you post the full stack trace? It is bit hard to say what is the problem without it.
There is no specific versions of the SDK for a specific Java version. As long as your runtime is Java 6 or later, it will work. Newer JREs are backwards compatible, i.e. Java 8 will run Java7,6,… code.
– Bjarne
12:30, EEST
October 21, 2014
The trace is given below:
com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ARSCADA@Admin-PC
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at gatewayhook.SampleConsoleClient.initialize(SampleConsoleClient.java:1184)
at gatewayhook.GatewayHook.startup(GatewayHook.java:525)
at gatewayhook.GatewayHook.main(GatewayHook.java:66)
Caused by: java.security.cert.CertificateException: Subject class type invalid.
at sun.security.x509.X509CertInfo.setSubject(X509CertInfo.java:888)
at sun.security.x509.X509CertInfo.set(X509CertInfo.java:415)
at org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.createApplicationInstanceCertificate(Unknown Source)
… 7 more
line 1184 is call to loadOrCreateCertificate as follows:
final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(appDescription,
//”Sample Organisation”, /* Private Key Password */”opcua”,
“PRAMANJ Technologies”, /* Private Key Password */”opcua”,
/* Key File Path */privatePath,
/* CA certificate & private key */issuerCertificate,
/* Key Sizes for instance certificates to create */keySizes,
/* Enable renewing the certificate */true)
13:03, EEST
October 21, 2014
13:08, EEST
April 3, 2012
Is there any reason you cannot use the bouncy castle jars? Adding them to your classpath should solve this.
Based on the “org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate” the java stack (which the SDK uses) selected the SunJceCertificateProvider. It does this if there is nothing else available from the classpath. And that uses the the jre private api for the creating the certificate since it is otherwise not possible, those private apis can change for different jre versions. It also might have problems in some areas (e.g. private key passwords).
See the ‘USAGE OF SECURITY LIBRARIES’ section from the README.txt for more information.
Seems some issues relating to SunJceCertificateProvider was solved for stack version 1.02.337.6, therefore you could try SDK version 2.2.2 (2.2.0 had 1.02.337.4; 2.2.2 has 1.02.337.8).
13:14, EEST
October 21, 2014
13:18, EEST
April 3, 2012
Please see the ‘DEPLOYMENT’ section of the README.txt for which jars are needed. Please use the bc*.jar (or sc*.jar if Android) if you can since testing is done using mostly using the Bouncy Castle library and it is therefore recommended in normal applications (this also reads in the readme, ‘USAGE OF SECURITY LIBRARIES’).
13:29, EEST
October 21, 2014
Ok sir, thanks I will read the readme file carefully to see which libraries are required.
Hope switching to libraries from your 2.2.2 sdk for all (Opc stack , Prosys stack and bc , sc jars) in my current application will not cuase problems. I will study the Migration notes as well.
Best Reagrds
PRAMANJ
Most Users Ever Online: 1919
Currently Online:
13 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 730
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
PromotionToold, HypromeImpupe, toneylapham544, rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachusModerators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1