Can't authenticate when trying to login with UserIdentityCertificate
November 6, 2024
14:08, EET
RafaelS
New Member

Hello, everyone.
I've been developing an OPC UA Client to integrate with the Coreflux MQTT broker and I'm currently stuck when trying to access with a UserIdentityCertificate.

Authenticating with Anonymous or UserPass + SecurityPolicy and SecurityMessageMode works fine. So using the Application certificates is working fine.

I generated this .pfx certificate:
client_cert.pem client_cert.pfx client_csr.pem client_private_key.pem

and I’m passing to the .prosysopc/prosys-opc-ua-simulation-server/USERS_PKI/CA/certs the client_cert.pem

with this code:
if (this.Properties.AuthMode == AuthModeType.Certificate)
{
    // Load .pfx file with password
    if (!Path.GetExtension(this.Properties.UserCertificatePath).Equals(".pfx", StringComparison.OrdinalIgnoreCase))
        throw new ArgumentException("Only .pfx certificate files are supported.");

    //X509Certificate2 userCertificate = new X509Certificate2(this.Properties.UserCertificatePath, this.Properties.CertificatePassword);
    X509Certificate2 userCertificate = new X509Certificate2(
        this.Properties.UserCertificatePath,
        this.Properties.CertificatePassword,
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet
    );
    userIdentity = new UserIdentity(userCertificate);
    Console.WriteLine($"—————————– {userCertificate.HasPrivateKey}");
    Console.WriteLine($">>>>>>>>>>>>>>> Using certificate: {userCertificate.Thumbprint}");
    Console.WriteLine($"User Identity Type: {userIdentity.TokenType}");
}

I'm always getting this, so I believe everything is working fine in the code above:

—————————– True
>>>>>>>>>>>>>>> Using certificate: 185EC24E95206B9E3524ACC07A37CBED83339409
User Identity Type: Certificate

but then in the last part, when I try to establish the session with the OPC UA server: this.Session = await Session.Create(config, configuredEndpoint, false, "OpcUaClientSession", this.Properties.Timeout, userIdentity, null);
I get this error message: BadIdentityTokenRejected

I think the code is fine; maybe I'm just passing the wrong file to the USERS_PKI/CA/certs. Let me know your thoughts regarding my problem, please.
Many thanks in advance.

November 6, 2024
14:54, EET
Matti Siponen
Moderator

Hello,

The user certificate you put in the USERS_PKI/CA/certs folder needs to be in DER format. Your certificate is in PEM format (at least its filename would suggest that), so Simulation Server is unable to open it.

You can find advice on how to convert PEM to DER here: https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/
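
A way to check which encoding a certificate file actually has before copying it into USERS_PKI/CA/certs, and to compare its SHA-1 thumbprint with the one the client prints. This is an added example, not code from the thread or from Prosys; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def outer_tlv_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def to_der(data: bytes) -> tuple[str, bytes]:
    """Return (detected_encoding, der_bytes) for the contents of a certificate file."""
    if outer_tlv_ok(data):
        return "DER", data
    m = PEM_CERT.search(data)             # tolerates "Bag Attributes" text before the block
    if not m:
        raise ValueError("neither DER nor a PEM CERTIFICATE block")
    der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not outer_tlv_ok(der):
        raise ValueError("PEM body does not decode to a DER SEQUENCE")
    return "PEM", der


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex: the form .NET prints as Thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()


# Constructed sample: a structurally valid outer SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, blob in (("client_cert.pem", SAMPLE_PEM), ("client_cert.der", SAMPLE_DER)):
        enc, der = to_der(blob)
        print(label, enc, thumbprint(der))
```

To use it on real files, pass the result of `open(path, "rb").read()` to `to_der`; the thumbprint of the file in the server folder should equal the one the client logs for the .pfx.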

November 6, 2024
17:34, EET
RafaelS
New Member

First of all, thanks Matti for your quick response.

I transformed my .pem file to .der and added it to the USERS_PKI/CA/certs but the problem is still here… BadIdentityTokenRejected.

Another thing is that when I used the SecurityPolicy and MessageSecurityMode, my client's certificate appeared in the Certificates tab, but this UserIdentityCertificate doesn't appear.

I'm creating my certificate as self-signed. Is it OK, or should it be authenticated by a CA?

Should I only place the .der certificate in USERS_PKI/CA/certs, or should I add a certificate to the client stores?

Do you recommend a website that has all the correct steps to create the certificate needed for the server to accept it?

Once again, thanks in advance
