Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
SubjectAltName is missing
August 10, 2015
13:42, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

Hello,
when i connect to the OPC UA Server created with the Java SDK 2.1.0-436, with UaExpert, i get the following message:
“SubjectAltName is missing – this extension is mandatory according to the UA specification”.
Where can i set this “SubjectAltName”?
Thanks.

August 10, 2015
14:18, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

Subject Alternative Name is a field in the application certificate. Most likely the server uses the certificate created by the SDK, therefore it is automatically resolved from ApplicationDescription’s applicationUri property when creating the certificate. See the initialize method of SampleConsoleServer (should be around line 530) for example.

– Bjarne

August 10, 2015
14:34, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

Hi,
i have the lines, that set the applicationDescription in my server. Could it be something else?

August 10, 2015
15:17, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Not sure, sounds weird. Can you check the certificate (at least windows has a certificate viewer, not sure about other OS) and does it contain that field? Also which version of UaExpert you have? Does this issue happen when connecting to the SampleConsoleServer?

August 11, 2015
6:55, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

Hi,
i’m using Ubuntu 14.04. There is a certificate viewer too. I looked at the certificate of the sampleConsoleServer and found the alternative Name. Then i checked the certificate of my Server and that field was missing. My Version of UaExpert is: 1.3.0 201.

August 11, 2015
7:46, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1032
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

If it exist in the sample server and not in yours, we can at least rule out any UaExpert problems. So there must be a difference somewhere between the sample server and yours.

August 20, 2015
7:23, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

Hi,
i updated the Java SDK to 2.2.0-552 and the UaStack to 1.02.337.4. But i still have the same problem. i even replaced my initialization of the server with the one from the sample server, and still: SubjectAltName is missing in the certificate.
Hope anyone has an idea.

August 20, 2015
8:53, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Can you connect with security using the Prosys OPC UA Client or with the SampleConsoleClient included in the SDK?

August 20, 2015
10:01, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

Hi,
i changed my Server to “SecurityMode.ALL”. When i connect to this server with sampleConsoleClient i get “Bad_SecurityChecksFailed” (security mode: sign).
Then i copied the certificate of the server into th directory “PKI/CA/certs/” of the client. But i still get the same Exception.

August 20, 2015
10:27, EEST
Avatar
Ibrahim
Member
Members
Forum Posts: 78
Member Since:
August 20, 2014
sp_UserOfflineSmall Offline

I found out one interesting thing: My Server creates two certificates in directory “PKI/CA/private/”. One ends with “*.der” and the other one with “*_https.der”. The One which ends with “*_https.der” has the “SubjectAltName” field.

August 24, 2015
15:10, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

_https.der is used for HTTPS protocol. You should see SubjectAltName in both certificates.

Have you moved the client certifiicate to the trusted store of the server?

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
16 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 731

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

inilarythikibia, rickykennion, PromotionToold, HypromeImpupe, toneylapham544, rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1