12:57, EET
March 9, 2017
Hi,
I can able to connect to the simulation server via normal security mode i.e client.setSecurityMode(SecurityMode.NONE);
If I try to use the security function like(Sign &Encr, Sign) in client its shows NullPointerError.
Security function(Sign &Encr, Sign) works fine when I connect SampleConsole Client and the ConsoleServer.
Exception in thread “min” java.lang.NullPointerException: localApplicationInstanceCertificate is null
at org.opcfoundation.ua.transport.security.SecurityConfiguration.(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.TcpConnection.initialize(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.initialize(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.initialize(Unknown Source)
at org.opcfoundation.ua.application.Client.createSecureChannel(Unknown Source)
at com.prosysopc.ua.client.UaClient.o(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.prosysopc.ua.samples.client.Historical_data.main(Historical_data.java:32)
But everything works fine with (SecurityMode.NONE). I am looking for some help in this!
Regards
11:51, EET
March 9, 2017
hi,
I even tried by connecting my SampleconsoleClient with prosys simulation server, It is connecting if I select the security mode as None, but if I choose the security mode to Sign or Sign&Encry it’s showing the following error.
Select the security mode to use.
(n=None,s=Sign,e=SignAndEncrypt)
s
Connecting to opc.tcp://peter:53530/OPCUA/SimulationServer
Using SecurityPolicy http://opcfoundation.org/UA/Se…..ic128Rsa15
com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://peter:53530/OPCUA/SimulationServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,Sign] ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_SecurityChecksFailed (code=0x80130000, description=”Bad_SecurityChecksFailed (code=0x80130000, description=”An error occurred verifying security.”)”)
I don’t know where I am going wrong. looking for your help!!
Regrads
15:04, EET
December 21, 2011
15:54, EET
March 9, 2017
17:46, EET
March 9, 2017
16:24, EEST
March 9, 2017
hi,
can anyone help me with this error!
i have the same error as i mentioned above.
Exception in thread “min” java.lang.NullPointerException: localApplicationInstanceCertificate is null
at org.opcfoundation.ua.transport.security.SecurityConfiguration.(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.TcpConnection.initialize(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.initialize(Unknown Source)
at org.opcfoundation.ua.transport.tcp.io.SecureChannelTcp.initialize(Unknown Source)
at org.opcfoundation.ua.application.Client.createSecureChannel(Unknown Source)
at com.prosysopc.ua.client.UaClient.o(Unknown Source)
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.prosysopc.ua.samples.client.Historical_data.main(Historical_data.java:32)
looking for your help.
Regards
17:08, EEST
April 17, 2013
Hello,
The error message states that “localApplicationInstanceCertificate is null”.
You mentioned in the first post that “Security function(Sign &Encr, Sign) works fine when I connect SampleConsole Client “.
So, it sounds like there’s something wrong with the application instance certificate of your client application. How are you creating the ApplicationIdentity in your client? You can look at the SampleConsoleClient.initialize method for example.
20:42, EEST
March 9, 2017
Hi Heikki,
I solved this problem (“localApplicationInstanceCertificate is null). Now I can create the certificate as my consoleClient creates, I manually trusted the certificates in the simulation server.For Https the code works. when I tried to connect with tcp it shows the following error!
04/07/2017 20:16:46.548 INFO Reading application certificate from C:\Users\peter\workspace\OPCua\PKI\CA\private\tk3.der
04/07/2017 20:16:46.554 INFO Reading private key from keystore C:\Users\peter\workspace\OPCua\PKI\CA\private\tk3.pem
04/07/2017 20:16:48.528 INFO HTTPS certificate loaded from PKI\CA\private\tk3_https.der
04/07/2017 20:16:48.539 INFO HTTPS private key loaded from PKI\CA\private\tk3_https.pem
04/07/2017 20:16:51.190 INFO Certificate ‘A1BB7AAB953B4B6C677451A3E14BE0B2679169D3’ added to rejected certificates.
Exception in thread “main” com.prosysopc.ua.ServiceException: Invalid server certificate ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.” Diagnostics=Diagnostic Info:
Invalid server certificate
at com.prosysopc.ua.client.UaClient.connect(Unknown Source)
at com.prosysopc.ua.samples.client.Uaclient.main(Uaclient.java:36)
I even copied the certificate from rejected folder to certs folder.As of now, I am using.BASIC128RSA15_SIGN for security mode. Looking for your help.
12:34, EEST
April 17, 2013
Hello,
The line
tells that the client application does not trust the server certificate.
I think the problem is very simple: you mentioned that “I even copied the certificate from rejected folder to certs folder.”
When you copy the file, it will still reside in the rejected folder. You need to move the file, so that it will only reside in certs folder.
Also, please see the MyCertificateValidationListener example in the SDK package. This shows an example on how you can prompt the user for validation, if necessary.
13:33, EEST
March 9, 2017
Hi Heikki,
sorry being silly, i didn’t get this part.
I have moved the certificate from rejected folder to certs, but this time a new error came which is
Failed to create secure channel to server: : opc.tcp://Peter-PC.mshome.net:53530/OPCUA/SimulationServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,Sign] ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.”
I self-trusted the certificates in the server, and there is no certificate in rejected folder. I would like you to check my code, I might make some mistake
final PkiFileBasedCertificateValidator validator = new PkiFileBasedCertificateValidator();
client.setCertificateValidator(validator);
validator.setValidationListener(validationListener);
//*** Application Description is sent to the server
ApplicationDescription appDescription = new ApplicationDescription();
appDescription.setApplicationName(new LocalizedText(“tk3″+ “Peter-PC.mshome.net”));
appDescription.setApplicationUri(“urn:Peter-PC.mshome.net:UA:”+”tk3”);
appDescription.setProductUri(“urn:prosysopc.com:UA:”+”tk3”);
appDescription.setApplicationType(ApplicationType.Client);
//ApplicationIdentity
final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(appDescription,”Sample Organisation”, “opcua”,
privatePath,issuerCertificate,keySizes,true); // i kept the issuerCertificate and Keysize as null;
//Create the HTTPS certificate.
String hostName = InetAddress.getLocalHost().getHostName();
identity.setHttpsCertificate(ApplicationIdentity.loadOrCreateHttpsCertificate(appDescription, hostName, “opcua”,issuerCertificate,
privatePath, true));
client.setApplicationIdentity(identity);
What I think is the certificate is not validating correctly, my client cant able to get the certificate from PKI\CA\certs\ . I don’t know exactly it’s just a guess! looking for your suggestion ..
15:43, EEST
April 17, 2013
Hi,
Based on the error message, there’s some issue with the client application certificate which makes the certificate validation fail in the Simulation Server application.
One thing to note in the above code is that you don’t have to use hard-coded hostnames such as ‘Peter-PC.mshome.net’. Instead, you should use ‘localhost’ in ApplicationName and ApplicationURI. All lower case ‘localhost’ in the ApplicationName and ApplicationURI is converted to the actual host name of the computer in which the application is run.
appDescription.setApplicationUri("urn:localhost:OPCUA:" + APP_NAME);
Also, after making this modification, you need to delete the previous certificate and private key from the PKI folder. Otherwise, the loadOrCreateCertificate will load the previous files.
Please try making these modifications and see if the connection works then.
13:06, EEST
March 9, 2017
Hi Heikki,
The above problem is solved. As I can able to get the output from the server, still the certificate uri is not matching, there is no error, but I would like to know the problem why the uri is not matching. and another problem is even if I trusted my certificate (always), because of the different uri I have to trust the certificate every time.
** The Server Certificate :
Subject : DC=DESKTOP-6FRQH0D, O=Prosys OPC, CN=SimulationServer, Issued by : DC=DESKTOP-6FRQH0D, O=Prosys OPC, CN=SimulationServer
Valid from: Sat Apr 01 14:29:22 CEST 2017, to: Tue Mar 30 15:29:22 CEST 2027
* The Certificate URI DOES NOT MATCH the ApplicationDescription URI!
ApplicationURI in ApplicationDescription = urn:Peter-PC.mshome.net:OPCUA:SimulationServer
ApplicationURI in Certificate = urn:DESKTOP-6FRQH0D:OPCUA:SimulationServer
* The Certificate is self-signed.
Note: If the certificate is not OK, you will be prompted again, even if you answer ‘Always’ here.
Do you want to accept this certificate? (A=Always, Y=Yes, this time, N=No) (D=Show Details of the Certificate)
A
04/19/2017 11:48:02.900 INFO Certificate ‘A1BB7AAB953B4B6C677451A3E14BE0B2679169D3’ added to trusted certificates.
328
My desktop name is Peter-PC I checked again, I am looking for your suggestion.
regards
peter
10:43, EEST
December 21, 2011
The URI is not matching if the hostname of the computer has changed after you have created the certificate for the server (i.e. started it for the first time). You should go to the PKI directory of the Simulation Server (see the User Manual) and remove the files from the ‘private’ directory. After restarting the server, it will recreate the certificates with the current hostname.
The client implementation, which decides whether the certificate is trusted or not and which affects the behaviour, when you press ‘Always’ is just a sample, and it may be possible to modify it to accept the invalid certificate in future. See the MyCertificateValidationListener class (in SDK samples) for the details.
13:43, EEST
March 9, 2017
I have done the correction, now i facing one more problem i can abe to run all the security configuration in my JAVA IDE.
If i convert the same program into a runnable jar file i can’t able to read the values. it generated a PKI folder where my jar file is located inside that: PKI\CA\private i have the certificates and i trusted certificate of the jar file in the server too.
But the runnable jar file is working when there is no security methods are choosen
Is it due to i cant able to trust my certificate? (A=Always, Y=Yes, this time, N=No) (D=Show Details of the Certificate) in my runnable jar file?
Most Users Ever Online: 1919
Currently Online:
13 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 735
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1523
Posts: 6449
Newest Members:
rust, christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0
Administrators: admin: 1