15:23, EEST
January 30, 2014
Hi Aro,
I have a problem to connect to in house opc ua server solution devloped by using prosys C SDK.
In house opc ua server is on different machine and there is no diff in datetime btwn client server.
I tried also with IP addresses for server name but the result is the same.
For client side I am using Prosys-OPC-UA-Java-SDK-Client-Binary-1.4.8-8731.
My client works fine with UADemoServer. It connects in both modes NONE and BASIC128RSA15_SIGN.
But when I tried to connect to in house opc ua server which supports NONE and BASIC256_SIGN_ENCRYPT modes (Anonymous)
client received Bad_CertificateInvalid (0x80120000) in BASIC256_SIGN_ENCRYPT mode:
ERROR TcpConnection.run – CP336/10.150.109.110:4842 Error
org.opcfoundation.ua.common.ServiceResultException: Bad_CertificateInvalid (0x80120000) “The certificate provided as a parameter is not valid.”
at org.opcfoundation.ua.transport.tcp.io.TcpConnection$ReadThread.run(Unknown Source)
08.04.2014 16:42:47,579 ERROR ProsysExceptionPrintingUtil.printException – com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://CP336:4842 [http://opcfoundation.org/UA/SecurityPolicy#Basic256,SignAndEncrypt] ServiceResult=Bad_CertificateInvalid (0x80120000) “The certificate provided as a parameter is not valid.”
08.04.2014 16:42:47,588 ERROR ProsysExceptionPrintingUtil.printException – Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_CertificateInvalid (0x80120000) “The certificate provided as a parameter is not valid.”
and when tried to connect by using mode NONE client received Bad_UnexpectedError (0x80010000) :
ERROR ProsysExceptionPrintingUtil.printException – com.prosysopc.ua.client.InvalidServerEndpointException: Failed to create session channel to server: : opc.tcp://CP336:4842 [http://opcfoundation.org/UA/SecurityPolicy#None,None] ServiceResult=Bad_UnexpectedError (0x80010000) “An unexpected error occurred.”
08.04.2014 16:55:05,364 ERROR ProsysExceptionPrintingUtil.printException – Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_UnexpectedError (code=0x80010000, description=”Requested endpoint is not found on the server”)
Than I tried with UaExpert opc ua client and this client connects to in house opc ua server without problems.
Also with sample prosys C client there is no problem to establish connection.
Do you have any hint where I can dig further?
Best regards,
Goran
16:33, EEST
January 30, 2014
I noticed that validation of certificates is not a problem.
For example in mode BASIC256_SIGN_ENCRYPT when I moved client certificate from rejected to certs of server PKI
error Bad_CertificateInvalid (0x80120000) “The certificate provided as a parameter is not valid.” disappeared.
After client restart the same error is returned as in security mode NONE:
08.04.2014 19:30:41,659 DEBUG ~~~~~~ protocol: opc.tcp ~~~~~~~~ hostname: CP336 ~~~~~~~~~~~ port: 4842 ~~~~~~~~~~ security:BASIC256_SIGN_ENCRYPT
08.04.2014 19:30:41,716 DEBUG ~~~~~~~~~~~~~~~~~~~~~~~~~~ Create a server connection using server URI passed
08.04.2014 19:30:42,120 DEBUG ~~~~~~~~~~~~~~~~~~~~~~~~~~ ApplicationIdentity.loadOrCreateCertificate passed
08.04.2014 19:30:42,121 DEBUG ~~~~~~~~~~~~~~~~~~~~~~~~~~ set the user identity passed
08.04.2014 19:30:42,389 DEBUG ~~~~~~~~~~~~~~~~~~~~~~~~~~ match of supported security modes passed
08.04.2014 19:30:42,688 ERROR ProsysExceptionPrintingUtil.printException – com.prosysopc.ua.client.InvalidServerEndpointException: Failed to create session channel to server: : opc.tcp://CP336:4842 [http://opcfoundation.org/UA/SecurityPolicy#Basic256,SignAndEncrypt] ServiceResult=Bad_UnexpectedError (0x80010000) “An unexpected error occurred.”
08.04.2014 19:30:42,688 ERROR ProsysExceptionPrintingUtil.printException – Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_UnexpectedError (code=0x80010000, description=”Requested endpoint is not found on the server”)
This means Bad_UnexpectedError (code=0x80010000, description=”Requested endpoint is not found on the server” is the only problem but I can’t
conclude why client fails to create session channel to server?
I read also:
http://www.prosysopc.com/blog/forum/opc-ua-java-sdk/testing-the-java-sdk/#p117
Currently I don’t have server log but I didn’t doubt on wrong URL as I am using the same url as discovery url from UaExpert client.
Probably it is related to:
“The servers define a list of endpoints that they are listening to. The client can only connect to the server using an URI that matches one of these endpoints. But the UaClient will convert it to the actual hostname, if the server does not define ’localhost’ in its endpoints.
Also IP number can only be used, if the server also defines the respective endpoint using the IP number.
If you are using the client in Linux, you cannot use NetBIOS computer names to access Windows servers. In general it is best to use TCP/IP DNS names from all clients. Alternatively, you can always use the IP address of the computer, if you make sure that the server also initializes an endpoint using the IP address, in addition to the hostname.”
Best regards,
Goran
5:40, EEST
January 30, 2014
8:28, EEST
December 21, 2011
12:45, EEST
December 21, 2011
1:31, EEST
September 8, 2015
Hi,
I’m getting the same error using Basic128Rsa15 or Basic256. The server doesn’t support None so I can’t test that. This is a KepWare OPC UA server and I am able to connect to it using the OPC UA Viewer by CAS, with no issues.
sys::Err: com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://**.**.**.**:***** [http://opcfoundation.org/UA/SecurityPolicy#Basic256,SignAndEncrypt] ServiceResult=Bad_CertificateInvalid (0x80120000) “The certificate provided as a parameter is not valid.”
I’m at a loss as to how to debug this and find out what exactly is the matter.
7:24, EEST
December 21, 2011
19:11, EEST
September 8, 2015
Jouni Aro said
The server is not accepting the certificate of your client application. According to the error code, there is something invalid in the certificate. Did you make it with loadOrCreateCertificate? Can you connect with the SampleConsoleClient?
Silly me, I simply needed to trust the certificate on the server side.
I figured it out. Thanks!
Most Users Ever Online: 1919
Currently Online: inilarythikibia
23 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 731
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
inilarythikibia, rickykennion, PromotionToold, HypromeImpupe, toneylapham544, rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1