Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Prosys OPC UA Java Client Certificate
April 9, 2013
14:33, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Hello,

I wonder if there is a way to get the X509v3 Certificate from the Prosys OPC UA Java Client.
My OPC UA Server need that an administrator upload each X509 Certificate from allowed OPC UA Clients.
I did not find any repository on my PC where the Prosys OCP UA Java Client Certificate could have been saved.
Is there one or are you only creating it after the launch of the client.

I find a way to bypass it by launching Wireshark and copying the Bytes of the ClientCertificate Field, creating a file and then uploading it to my Server.
But that will be a lot more easier if this Certificate would be available somewhere on the computer running the Prosys OPC UA Java Client.

Regards.

Camille G.

April 9, 2013
14:46, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

And I just found it after posting….

C:\Dokumente und Einstellungen\All Users\Prosys\OpcUaClient\PKI\CA\private

Last but not least is there a way to get the password of the private key to use it for Authentication with x509v3Certificate ?

April 10, 2013
7:27, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

The private key password is “opcua”.

April 10, 2013
9:00, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Ok so now i can use the certificate for Authentication but the
Uri specified in the UserIdentityToken when using for example Sign shall be : http://www.w3.org/2000/09/xmld…..g#rsa-sha1 (same as the one use in the ClientSignature.Algorithm) but Prosys send SHA1withRsa.
I changed my Server to accept it but i think the specification define in Part 4 : 7.30 that the algorithm in SignatureData structure shall be the well defined URI of the algorithm and not another string value.

Regards

April 10, 2013
11:13, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

OK, we will need to check that. This is actually defined in the OPC Foundation UA Java Stack, and issues related to that can be reported to OPC Foundation at http://opcfoundation.org/mantis/. The OPC Foundation defines which issues will be fixed in the stack, but we will of course try to affect that as well.

April 10, 2013
12:55, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

The Uri specified in the UserTokenSignature and not UserIdentityToken as i wrote. Since the UserTokenSignature is empty for Authentication Mode Anonymous and Credentials but contains the signature of the Certiticate when authenticationMode : x509v3Certificate is choose.
So that is the UserTokenSignature Algorithm which should be the well defined Uri.
And I check with SecurityPolicy Basic128Rsa15 – Sign&Encrypt and got the same string : SHA1withRsa

April 15, 2013
8:26, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

I reported this to OPC Foundation:

http://opcfoundation.org/manti…..hp?id=2449

It seems that we have also misused it in the SDK. The server is checking the algorithm against the SecurityPolicy, instead of the algorithm defined in the UserTokenSignature. That’s why it has slipped from us as well.

May 7, 2013
19:15, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Just a note that this issue has been fixed in the Java stack – and SDK and will be available in the next updates. if you need a beta version, send email to our support.

May 8, 2013
6:18, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Great !
I’m not in a hurry, I will wait for the stable one.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
25 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 726

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7, franciscagrimwad, adult_gallery

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1