Log In
Register
Topic RSS
10:27, EEST
October 21, 2014
Offline
I upgradede my JRE from 1.7 to 1.8 , since that I am getting unknown certification authority error. Then based on some previous discussions similar topic by cho21e in this forum, i deleted the certificates and keys in the PKI folder. On deleting the certificate files under “private” folder and recompiling, it gives following error
“
com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ……..
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source) ………
“
It was not giving such problems earlier! Is it due to java version from 1.7 to 1.8 (the latest)?
Should I download the 1.8 version of the PROSYS OPC SDK? I have requested for the down load. Kindly approve it if that is the cause of the error!
what to do?
regards
pramanj
10:52, EEST
April 3, 2012
Offline
Can you post the full stack trace? It is bit hard to say what is the problem without it.
There is no specific versions of the SDK for a specific Java version. As long as your runtime is Java 6 or later, it will work. Newer JREs are backwards compatible, i.e. Java 8 will run Java7,6,… code.
– Bjarne
12:30, EEST
October 21, 2014
Offline
The trace is given below:
com.prosysopc.ua.SecureIdentityException: Cannot create certificate for application ARSCADA@Admin-PC
at com.prosysopc.ua.ApplicationIdentity.createKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateKeyPair(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at com.prosysopc.ua.ApplicationIdentity.loadOrCreateCertificate(Unknown Source)
at gatewayhook.SampleConsoleClient.initialize(SampleConsoleClient.java:1184)
at gatewayhook.GatewayHook.startup(GatewayHook.java:525)
at gatewayhook.GatewayHook.main(GatewayHook.java:66)
Caused by: java.security.cert.CertificateException: Subject class type invalid.
at sun.security.x509.X509CertInfo.setSubject(X509CertInfo.java:888)
at sun.security.x509.X509CertInfo.set(X509CertInfo.java:415)
at org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.generateCertificate(Unknown Source)
at org.opcfoundation.ua.utils.CertificateUtils.createApplicationInstanceCertificate(Unknown Source)
… 7 more
line 1184 is call to loadOrCreateCertificate as follows:
final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(appDescription,
//”Sample Organisation”, /* Private Key Password */”opcua”,
“PRAMANJ Technologies”, /* Private Key Password */”opcua”,
/* Key File Path */privatePath,
/* CA certificate & private key */issuerCertificate,
/* Key Sizes for instance certificates to create */keySizes,
/* Enable renewing the certificate */true)
13:03, EEST
October 21, 2014
Offline
Dear Sir,
Another thing I did was to remove some of the libraries like bc*.jar, http*.jar, commons*.jar only OPC.ua.stack and Prosys-ua stack jar and log4j and sl4j jars were included. Could that be a problem? Shall I try to inlcude all the missing jars and compile?
regards
PRAMANJ
13:08, EEST
April 3, 2012
Offline
Is there any reason you cannot use the bouncy castle jars? Adding them to your classpath should solve this.
Based on the “org.opcfoundation.ua.transport.security.SunJceCertificateProvider.generateCertificate” the java stack (which the SDK uses) selected the SunJceCertificateProvider. It does this if there is nothing else available from the classpath. And that uses the the jre private api for the creating the certificate since it is otherwise not possible, those private apis can change for different jre versions. It also might have problems in some areas (e.g. private key passwords).
See the ‘USAGE OF SECURITY LIBRARIES’ section from the README.txt for more information.
Seems some issues relating to SunJceCertificateProvider was solved for stack version 1.02.337.6, therefore you could try SDK version 2.2.2 (2.2.0 had 1.02.337.4; 2.2.2 has 1.02.337.8).
13:14, EEST
October 21, 2014
Offline
Yes sir, I added all the bounrt castle and http and all the other libraries listed above and its working now!
I will switch over to the 2.2.2 version of your sdk and evaluate.
Thanks ! It was my mistake!
Sorry to bother you.
Best Reagrds
PRAMANJ
13:18, EEST
April 3, 2012
Offline
Please see the ‘DEPLOYMENT’ section of the README.txt for which jars are needed. Please use the bc*.jar (or sc*.jar if Android) if you can since testing is done using mostly using the Bouncy Castle library and it is therefore recommended in normal applications (this also reads in the readme, ‘USAGE OF SECURITY LIBRARIES’).
13:29, EEST
October 21, 2014
Offline
Ok sir, thanks I will read the readme file carefully to see which libraries are required.
Hope switching to libraries from your 2.2.2 sdk for all (Opc stack , Prosys stack and bc , sc jars) in my current application will not cuase problems. I will study the Migration notes as well.
Best Reagrds
PRAMANJ
1 Guest(s)
