Log In
Register
Forum
Topic RSS
14:33, EEST
April 9, 2013
Offline
Hello,
I wonder if there is a way to get the X509v3 Certificate from the Prosys OPC UA Java Client.
My OPC UA Server need that an administrator upload each X509 Certificate from allowed OPC UA Clients.
I did not find any repository on my PC where the Prosys OCP UA Java Client Certificate could have been saved.
Is there one or are you only creating it after the launch of the client.
I find a way to bypass it by launching Wireshark and copying the Bytes of the ClientCertificate Field, creating a file and then uploading it to my Server.
But that will be a lot more easier if this Certificate would be available somewhere on the computer running the Prosys OPC UA Java Client.
Regards.
Camille G.
14:46, EEST
April 9, 2013
Offline
And I just found it after posting….
C:\Dokumente und Einstellungen\All Users\Prosys\OpcUaClient\PKI\CA\private
Last but not least is there a way to get the password of the private key to use it for Authentication with x509v3Certificate ?
7:27, EEST
December 21, 2011
Offline
The private key password is “opcua”.
9:00, EEST
April 9, 2013
Offline
Ok so now i can use the certificate for Authentication but the
Uri specified in the UserIdentityToken when using for example Sign shall be : http://www.w3.org/2000/09/xmld…..g#rsa-sha1 (same as the one use in the ClientSignature.Algorithm) but Prosys send SHA1withRsa.
I changed my Server to accept it but i think the specification define in Part 4 : 7.30 that the algorithm in SignatureData structure shall be the well defined URI of the algorithm and not another string value.
Regards
11:13, EEST
December 21, 2011
Offline
OK, we will need to check that. This is actually defined in the OPC Foundation UA Java Stack, and issues related to that can be reported to OPC Foundation at http://opcfoundation.org/mantis/. The OPC Foundation defines which issues will be fixed in the stack, but we will of course try to affect that as well.
12:55, EEST
April 9, 2013
Offline
The Uri specified in the UserTokenSignature and not UserIdentityToken as i wrote. Since the UserTokenSignature is empty for Authentication Mode Anonymous and Credentials but contains the signature of the Certiticate when authenticationMode : x509v3Certificate is choose.
So that is the UserTokenSignature Algorithm which should be the well defined Uri.
And I check with SecurityPolicy Basic128Rsa15 – Sign&Encrypt and got the same string : SHA1withRsa
8:26, EEST
December 21, 2011
Offline
I reported this to OPC Foundation:
http://opcfoundation.org/manti…..hp?id=2449
It seems that we have also misused it in the SDK. The server is checking the algorithm against the SecurityPolicy, instead of the algorithm defined in the UserTokenSignature. That’s why it has slipped from us as well.
Most Users Ever Online: 1919
Currently Online:
34 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 734
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1523
Posts: 6449
Newest Members:
christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16, edgardo3518Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0
Administrators: admin: 1
