Hello Karthick,

In OPC UA, the connection establishment between client and server applications is based on application instance certificates. When security mode is other than none, the client and server applications must trust each other’s certificates.

To put it shortly, move client certificate from PKI/CA/rejected to PKI/CA/certs directory in the server application.

For more explanation about the subject, see chapter “3.3 Validating Client Applications via Certificates” in the server tutorial and chapter “5.4 Validating Server Certificates” in the client tutorial. The tutorial documents are available in the doc-folder of the SDK.

Hi,

Thanks for the information. This time the error states that “Address already in use”. This most probably means that previous SampleConsoleServer instance is still running and occupying the tcp port 52520.

karthi said
Hii,

I am new to Java and OPC, i have some problem while connecting the SampleConsoleServer to SampleConsoleClient.
As i use the default URL address of the server =opc.tcp://localhost:52520/OPCUA/SampleConsoleServer.

After running my console i came up with this error which is below,

Connecting to opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
Using SecurityPolicy http://opcfoundation.org/UA/Se…..ic128Rsa15
com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://karthik:52520/OPCUA/SampleConsoleServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt] ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_SecurityChecksFailed (code=0x80130000, description=”Bad_SecurityChecksFailed (code=0x80130000, description=”An error occurred verifying security.”)”)

*** NOT connected to: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer

I am looking for a help to proceed my work from here,

Best Regards
Karthi  

Hi,

I am trying to work with opc ua as well and am unable to make the connection between the sampleclient and server. I have gone through this thread and see myself in a similar situation. I tried the step to move the certficates from PKI/CA/rejected to PKI/CA/certs but I see no certificates present in PKI/CA/rejected. the error message is as follows.

——
Connecting to opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
03/15/2017 16:45:21.188 INFO Creating a new application certificate & private key
03/15/2017 16:45:22.197 INFO Created a new Certificate: O=Sample Organisation, CN=SampleConsoleClient@Nikith; ApplicationURI=urn:Nikith:OPCUA:SampleConsoleClient KeySize=2048
03/15/2017 16:45:22.996 INFO HTTPS certificate saved to PKI\CA\private\SampleConsoleClient@Nikith_https.der
03/15/2017 16:45:23.001 INFO HTTPS private key saved to PKI\CA\private\SampleConsoleClient@Nikith_https.pem
Using SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
com.prosysopc.ua.client.ConnectException: Failed to retrieve endpoints. The server is not available: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer ServiceResult=Bad_ConnectionRejected (0x80AC0000) “Could not establish a network connection to remote server.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_ConnectionRejected (code=0x80AC0000, description=”2158755840, Connection refused: connect”)

*** NOT connected to: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
——–

kindly help me in this regard as I am only beginning to learn the server client connection.

Best Regards,
Nikith

Jouni Aro said
Bad_ConnectionRejected means that the SampleConsoleServer is not available. Make sure that it is running, when you connect.  

Hi Juoni,

Thank you for the effective response. However I now have a similar issue with the discovery server. the warning/error is as follows,

—————

03/21/2017 15:37:13.595 WARN Could not register server (offline) to Discovery Server at opc.tcp://localhost:4840 Cause: Failed to create secure channel to server: : opc.tcp://Nikith:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt]
.
.
.
.
03/21/2017 15:37:15.093 WARN Could not register server (online) to Discovery Server at opc.tcp://localhost:4840 Cause: Failed to create secure channel to server: : opc.tcp://Nikith:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt]

—————

I looked up a similar issue in the forum where the solution was suggested by installing an LDS. The link is : https://opcfoundation.org/developer-tools/developer-kits-unified-architecture/local-discovery-server-lds/
I performed the installation but could not find the folders (from the installed LDS) to update the certificates from ‘rejected’ to the trusted ‘certs’. Kindly advice on this issue.

As Always, thank you for the quick response.

Regards,
Nikith

Jouni Aro said
The LDS is an optional component, but may help the client applications to find your server.

For the LDS certificate store, please look at ‘C:\ProgramData\OPC Foundation\UA\Discovery\pki\’ (Note that C:\ProgramData is a hidden directory)  

yes you were right 🙂 Also with the fact that an LDS is optional. Everything was up and running last night but when i try to run the sampleconsoleserver today I have issues with the certificates again. Not sure if I have to tackle this each time i run the server or just once. the error is as follows. your inputs are valuable to me and helps immensely with my project. thanks

——–

03/22/2017 10:55:51.379 INFO File ‘PKI\CA\certs\ProsysSampleCA.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.418 INFO File ‘PKI\CA\certs\SampleConsoleClient@Nikith.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.420 INFO File ‘PKI\CA\certs\SampleConsoleClient@Nikith_https.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.424 INFO File ‘PKI\CA\certs\SampleConsoleServer@Nikith.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.426 INFO File ‘PKI\CA\certs\SampleConsoleServer@Nikith_https.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:56:05.592 INFO Issuer certificate loaded from PKI\CA\private\ProsysSampleCA.der
03/22/2017 10:56:07.034 INFO Issuer private key loaded from PKI\CA\private\ProsysSampleCA.pem
03/22/2017 10:56:07.037 INFO Reading application certificate from C:\Users\Nikith\Downloads\uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674\PKI\CA\private\SampleConsoleServer@Nikith.der
03/22/2017 10:56:07.039 INFO Reading private key from keystore C:\Users\Nikith\Downloads\uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674\PKI\CA\private\SampleConsoleServer@Nikith.pem
03/22/2017 10:56:07.047 INFO HTTPS certificate loaded from PKI\CA\private\SampleConsoleServer@Nikith_https.der
03/22/2017 10:56:07.051 INFO HTTPS private key loaded from PKI\CA\private\SampleConsoleServer@Nikith_https.pem
03/22/2017 10:56:07.318 INFO Loading model from jar:file:/C:/Users/Nikith/Downloads/uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674/Prosys-OPC-UA-Java-SDK-Client-Server-Evaluation-2.2.4-674/lib/Prosys-OPC-UA-Java-SDK-Client-Server-Evaluation-2.2.4-674.jar!/com/prosysopc/ua/server/Opc.Ua.NodeSet2.xml
03/22/2017 10:56:12.346 INFO Using an alternate endpoint URL ‘opc.tcp://Nikith:4840’ instead of the requested ‘opc.tcp://localhost:4840’

—————