Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Prosys OPC UA Java Client Certificate
April 9, 2013
14:33, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Hello,

I wonder if there is a way to get the X509v3 Certificate from the Prosys OPC UA Java Client.
My OPC UA Server need that an administrator upload each X509 Certificate from allowed OPC UA Clients.
I did not find any repository on my PC where the Prosys OCP UA Java Client Certificate could have been saved.
Is there one or are you only creating it after the launch of the client.

I find a way to bypass it by launching Wireshark and copying the Bytes of the ClientCertificate Field, creating a file and then uploading it to my Server.
But that will be a lot more easier if this Certificate would be available somewhere on the computer running the Prosys OPC UA Java Client.

Regards.

Camille G.

April 9, 2013
14:46, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

And I just found it after posting….

C:\Dokumente und Einstellungen\All Users\Prosys\OpcUaClient\PKI\CA\private

Last but not least is there a way to get the password of the private key to use it for Authentication with x509v3Certificate ?

April 10, 2013
7:27, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 946
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

The private key password is “opcua”.

April 10, 2013
9:00, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Ok so now i can use the certificate for Authentication but the
Uri specified in the UserIdentityToken when using for example Sign shall be : http://www.w3.org/2000/09/xmld…..g#rsa-sha1 (same as the one use in the ClientSignature.Algorithm) but Prosys send SHA1withRsa.
I changed my Server to accept it but i think the specification define in Part 4 : 7.30 that the algorithm in SignatureData structure shall be the well defined URI of the algorithm and not another string value.

Regards

April 10, 2013
11:13, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 946
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

OK, we will need to check that. This is actually defined in the OPC Foundation UA Java Stack, and issues related to that can be reported to OPC Foundation at http://opcfoundation.org/mantis/. The OPC Foundation defines which issues will be fixed in the stack, but we will of course try to affect that as well.

April 10, 2013
12:55, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

The Uri specified in the UserTokenSignature and not UserIdentityToken as i wrote. Since the UserTokenSignature is empty for Authentication Mode Anonymous and Credentials but contains the signature of the Certiticate when authenticationMode : x509v3Certificate is choose.
So that is the UserTokenSignature Algorithm which should be the well defined Uri.
And I check with SecurityPolicy Basic128Rsa15 – Sign&Encrypt and got the same string : SHA1withRsa

April 15, 2013
8:26, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 946
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

I reported this to OPC Foundation:

http://opcfoundation.org/manti…..hp?id=2449

It seems that we have also misused it in the SDK. The server is checking the algorithm against the SecurityPolicy, instead of the algorithm defined in the UserTokenSignature. That’s why it has slipped from us as well.

May 7, 2013
19:15, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 946
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Just a note that this issue has been fixed in the Java stack – and SDK and will be available in the next updates. if you need a beta version, send email to our support.

May 8, 2013
6:18, EEST
Avatar
cguerin
Vienna, Austria
Member
Members
Forum Posts: 20
Member Since:
April 9, 2013
sp_UserOfflineSmall Offline

Great !
I’m not in a hurry, I will wait for the stable one.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 267

Currently Online:
6 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 122

pramanj: 86

ibrahim: 74

rocket science: 65

kapsl: 57

gjevremovic: 49

Sabari: 46

Xavier: 42

TimK: 41

fred: 41

Member Stats:

Guest Posters: 0

Members: 3344

Moderators: 17

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1300

Posts: 5561

Newest Members:

UPtato42, fblvicky6629601, elliebloomer44, Manuelagibe, justinafavenc54, sarlaman9, nancymcneal1, elztaim591797, JeffreyAidet, sameisenhower7

Moderators: Jouni Aro: 946, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 836, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 25, Teppo Uimonen: 21, Markus Johansson: 41, Niklas Nurminen: 0, Matti Siponen: 221, Lusetti: 0

Administrators: admin: 1