14:33, EEST
April 9, 2013
Hello,
I wonder if there is a way to get the X509v3 Certificate from the Prosys OPC UA Java Client.
My OPC UA Server need that an administrator upload each X509 Certificate from allowed OPC UA Clients.
I did not find any repository on my PC where the Prosys OCP UA Java Client Certificate could have been saved.
Is there one or are you only creating it after the launch of the client.
I find a way to bypass it by launching Wireshark and copying the Bytes of the ClientCertificate Field, creating a file and then uploading it to my Server.
But that will be a lot more easier if this Certificate would be available somewhere on the computer running the Prosys OPC UA Java Client.
Regards.
Camille G.
14:46, EEST
April 9, 2013
7:27, EEST
December 21, 2011
9:00, EEST
April 9, 2013
Ok so now i can use the certificate for Authentication but the
Uri specified in the UserIdentityToken when using for example Sign shall be : http://www.w3.org/2000/09/xmld…..g#rsa-sha1 (same as the one use in the ClientSignature.Algorithm) but Prosys send SHA1withRsa.
I changed my Server to accept it but i think the specification define in Part 4 : 7.30 that the algorithm in SignatureData structure shall be the well defined URI of the algorithm and not another string value.
Regards
11:13, EEST
December 21, 2011
OK, we will need to check that. This is actually defined in the OPC Foundation UA Java Stack, and issues related to that can be reported to OPC Foundation at http://opcfoundation.org/mantis/. The OPC Foundation defines which issues will be fixed in the stack, but we will of course try to affect that as well.
12:55, EEST
April 9, 2013
The Uri specified in the UserTokenSignature and not UserIdentityToken as i wrote. Since the UserTokenSignature is empty for Authentication Mode Anonymous and Credentials but contains the signature of the Certiticate when authenticationMode : x509v3Certificate is choose.
So that is the UserTokenSignature Algorithm which should be the well defined Uri.
And I check with SecurityPolicy Basic128Rsa15 – Sign&Encrypt and got the same string : SHA1withRsa
8:26, EEST
December 21, 2011
I reported this to OPC Foundation:
http://opcfoundation.org/manti…..hp?id=2449
It seems that we have also misused it in the SDK. The server is checking the algorithm against the SecurityPolicy, instead of the algorithm defined in the UserTokenSignature. That’s why it has slipped from us as well.
Most Users Ever Online: 1919
Currently Online:
25 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 726
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7, franciscagrimwad, adult_galleryModerators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1