How to add own certificates in Prosys opcua simulation server (in certificates tab)?
January 31, 2020
13:23, EET
shitaljadhav
Member
Members
Forum Posts: 4
Member Since:
January 31, 2020

Hi,
I am using the OPC UA library at ‘https://github.com/open62541/open62541/’. I created certificates using the ‘tools/certs/create_self-signed.py’ file. Running this file generates the server_cert.der and server_key.der files. Now I want to add this certificate and key file in Prosys OPCUA Simulation Server (in the Certificates tab) so that I can connect with my opcua cpp client.

Could you please tell me how I can add these certificates to Prosys Opcua Simulation Server (in Certificate tab)?

Thanks in advance.

January 31, 2020
15:00, EET
Markus Johansson
Moderator
Members

Moderators
Forum Posts: 42
Member Since:
August 6, 2019

Hi,

When you try to connect to the server with a secured connection the certificate should appear in the Certificates tab. Then you can right-click it to trust it.

February 17, 2020
8:40, EET
shitaljadhav
Member
Members
Forum Posts: 4
Member Since:
January 31, 2020

I have added the certificate as trusted, but the client is still not connecting to the Prosys OPC UA server. It gives the following error:

——————————–
INFO::OPCUA_SERVER_ADDRESS opc.tcp://host.docker.internal:53530/OPCUA/SimulationServer
[2020-02-17 11:11:00.196 (UTC+0550)] info/client Connecting to endpoint opc.tcp://host.docker.internal:53530/OPCUA/SimulationServer
[2020-02-17 11:11:00.196 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2020-02-17 11:11:00.197 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2020-02-17 11:11:00.202 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2020-02-17 11:11:00.205 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2020-02-17 11:11:00.206 (UTC+0550)] info/client SecurityPolicy not specified -> use default #None
[2020-02-17 11:11:00.248 (UTC+0550)] info/client TCP connection established
[2020-02-17 11:11:00.252 (UTC+0550)] info/channel Connection 528 | SecureChannel 6 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2020-02-17 11:11:00.252 (UTC+0550)] info/client Endpoint and UserTokenPolicy unconfigured, perform GetEndpoints
…OK
[2020-02-17 11:11:00.259 (UTC+0550)] info/client Found 11 endpoints
[2020-02-17 11:11:00.259 (UTC+0550)] info/client Rejecting endpoint 0: security policy not available
[2020-02-17 11:11:00.259 (UTC+0550)] info/client Endpoint 1 has 5 user token policies
[2020-02-17 11:11:00.260 (UTC+0550)] info/client Selected Endpoint opc.tcp://host.docker.internal:53530/OPCUA/SimulationServer with SecurityMode Sign and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2020-02-17 11:11:00.261 (UTC+0550)] info/client Selected UserTokenPolicy anonymous with UserTokenType Anonymous and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2020-02-17 11:11:00.261 (UTC+0550)] info/client Disconnect to switch to a different SecurityPolicy
[2020-02-17 11:11:00.262 (UTC+0550)] info/client Connecting to endpoint opc.tcp://host.docker.internal:53530/OPCUA/SimulationServer
[2020-02-17 11:11:00.262 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2020-02-17 11:11:00.263 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2020-02-17 11:11:00.264 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2020-02-17 11:11:00.265 (UTC+0550)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2020-02-17 11:11:00.269 (UTC+0550)] info/client TCP connection established
[2020-02-17 11:11:00.375 (UTC+0550)] info/channel Connection 528 | SecureChannel 7 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2020-02-17 11:11:00.379 (UTC+0550)] info/client Received a ServiceFault response with StatusCode BadServiceUnsupported
[2020-02-17 11:11:00.379 (UTC+0550)] error/client Could not open a Session with StatusCode BadServiceUnsupported

UA_Client_getState :: 0
————————————————————————————-
Suggest some solution.

February 17, 2020
14:27, EET
Bjarne Boström
Moderator
Moderators
Forum Posts: 983
Member Since:
April 3, 2012

Ask for help on that project’s GitHub page.

Alternatively, provide some kind of examples and steps to reproduce this.

Check with Wireshark (https://www.prosysopc.com/blog/opc-ua-wireshark/)? Is the client actually connecting to the correct address, i.e. does the “Hello” message contain the proper EndpointUrl with the “…/OPCUA/SimulationServer” part? Check what service call failed and returned that service fault. What were its parameters? Note that you have to use Sign (not Sign&Encrypt) in order to see the calls.

Check SimulationServer’s logs at /.prosysopc/prosys-opc-ua-simulation-server/log

Generally our servers have been working with normal clients that have been participating in the OPC Foundation’s IOP workshops. If we have errors, we can fix them if we know what they are.

February 18, 2020
9:42, EET
shitaljadhav
Member
Members
Forum Posts: 4
Member Since:
January 31, 2020

Thanks for the reply. I tried to capture packets using Wireshark and it gives the following information:
76 Hello Message
72 Acknowledge Message
176 OpenSecureChannel message: OpenSecureChannelRequest
179 OpenSecureChannel message: OpenSecureChannelResponse
172 UA Secure Conversation Message: GetEndpointsRequest
1928 UA Secure Conversation Message: GetEndpointsResponse
101 CloseSecureChannel message: CloseSecureChannelRequest

Steps to reproduce this issue:
Step 1: Use the following code to connect to the OPC UA server
    UA_ByteString certificate = loadFile(cert_file_path.c_str());
    UA_ByteString privateKey = loadFile(key_file_path.c_str());

    /* Load the trustList. Load revocationList is not supported now */
    size_t trustListSize = 0;
    if (argc > MIN_ARGS)
        trustListSize = (size_t)argc - MIN_ARGS;
    UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
    for (size_t trustListCount = 0; trustListCount < trustListSize; trustListCount++) {
        trustList[trustListCount] = loadFile(argv[trustListCount + 4]);
        /* Print the length rather than .data: DER bytes are binary and not NUL-terminated */
        std::cout << " Trustlist [trustListCount] length " << trustList[trustListCount].length << ", i = " << trustListCount << std::endl;
    }

    /* The snippet as posted is cut off at this point; the declarations below are
       assumed so that revocationList, client and cc used further down are defined */
    UA_ByteString *revocationList = NULL;
    size_t revocationListSize = 0;
    UA_Client *client = UA_Client_new();
    UA_ClientConfig *cc = UA_Client_getConfig(client);
    cc->securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
    UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey,
                                         trustList, trustListSize,
                                         revocationList, revocationListSize);

    UA_ByteString_clear(&certificate);
    UA_ByteString_clear(&privateKey);
    /* Loop bound and body assumed; they are cut off in the snippet as posted */
    for (size_t deleteCount = 0; deleteCount < trustListSize; deleteCount++)
        UA_ByteString_clear(&trustList[deleteCount]);

    cc->securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT; /* require encryption */

    /*UA_Client* client = UA_Client_new();
    UA_ClientConfig* cc = UA_Client_getConfig(client);
    UA_ClientConfig_setDefault(cc);
    cc->timeout = msSleep;*/

    /* Getting the error after this line (Could not open a Session with StatusCode BadServiceUnsupported) */
    UA_StatusCode retval = UA_Client_connect(client, endpointUrl.c_str());
    if (retval != UA_STATUSCODE_GOOD) {
        UA_Client_delete(client);
        return EXIT_FAILURE;
    }
Step 2: Endpoint url is “opc.tcp://host.docker.internal:53530/OPCUA/SimulationServer”

February 18, 2020
12:06, EET
Bjarne Boström
Moderator
Moderators
Forum Posts: 983
Member Since:
April 3, 2012

Check SimulationServer’s logs at (your home folder)/.prosysopc/prosys-opc-ua-simulation-server/log. If the client sent something we do not support (or the client is not allowed to send), a line showing “Service {name} is not supported” should be visible on the INFO level (this is the default logging level, so it should show up). For example, if the client were to call FindServersOnNetwork, you would get that error, since that service call is only allowed to be called for DiscoveryServers (not normal servers; those can still, however, reply to FindServers).

If it was FindServersOnNetwork, then you will need to report a bug on that project’s GitHub page (and somehow connect without calling it as a workaround where possible).

If not, let us know what it was.

If the log does not show anything, check more with Wireshark. NOTE!! As I said, you need to use Sign (NOT Sign&Encrypt) if you wish to see anything useful in Wireshark. Your log only shows the first part, nothing wrong there (as far as I can see). Typically the client will make 2 connections, the first one without security that can call GetEndpoints (since these are needed for other calls later and that can/must be called without security). Then that is closed and a separate one is opened with the selected security mode. Somewhere there one of these calls fails. That would be the one to look for (and all other calls before it as well).

Normally the wireshark should look something like this (need None or Sign, as otherwise on Sign&Encrypt after the secure channel is formed (the second time) the messages are encrypted thus not something wireshark would understand):
Hello
Acknowledge
OpenSecureChannelRequest
OpenSecureChannelResponse
GetEndpointsRequest
GetEndpointsResponse
CloseSecureChannelRequest
(you probably won’t see CloseSecureChannelResponse; the client usually terminates the socket after the request)
Hello
Acknowledge
OpenSecureChannelRequest
OpenSecureChannelResponse
CreateSessionRequest
CreateSessionResponse
ActivateSessionRequest
ActivateSessionResponse
(your calls then)

There might be some small variations, but mostly like that.

P.S.
Please note, we won’t generally debug your code for you, not even if you were our SDK customer. Our normal technical support _only_ covers fixing bugs, but it would even then be up to you to show differences to the specification (i.e. tell what we do wrong). _Everything else_ is just goodwill on our part. Though if you were to use our SDKs it would be a lot easier to help. Out of interop interest we have tried to use the lib now a short while ourselves, but that seems to be non-trivial (outside of simple None security mode connection, that does work).
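
The capture check described in the post above, as an added example that is not part of the original thread or of either project's code: it reduces Wireshark summary lines to message names, compares them with the two-connection order listed above, and reports the first departure and the request sent just before a ServiceFault. POSTED is the capture summary from earlier in the thread; HYPOTHETICAL is a constructed second connection built on the FindServersOnNetwork case the post mentions, and all function names are this example's own.

```python
# Expected order as listed in the post: a discovery connection, then the session connection.
OPEN = ["Hello", "Acknowledge", "OpenSecureChannelRequest", "OpenSecureChannelResponse"]
DISCOVERY = OPEN + ["GetEndpointsRequest", "GetEndpointsResponse", "CloseSecureChannelRequest"]
SESSION = OPEN + ["CreateSessionRequest", "CreateSessionResponse",
                  "ActivateSessionRequest", "ActivateSessionResponse"]

def message_name(line):
    """Reduce one Wireshark summary line to the bare OPC UA message name."""
    tail = line.rsplit(":", 1)[-1].split()
    words = [w for w in tail if not w.isdigit() and w.lower() != "message"]
    return words[-1] if words else None

def connections(lines):
    """Group message names per TCP connection; each one starts with Hello."""
    groups = []
    for name in filter(None, map(message_name, lines)):
        if name == "Hello" or not groups:
            groups.append([])
        groups[-1].append(name)
    return groups

def first_deviation(lines):
    """Return (connection, expected, seen) at the first departure, else None."""
    groups = connections(lines) + [[], []]
    for label, expected, seen in (("discovery", DISCOVERY, groups[0]),
                                  ("session", SESSION, groups[1])):
        for pos, want in enumerate(expected):
            got = seen[pos] if pos < len(seen) else None
            if got != want:
                return (label, want, got)
    return None

def faulted_request(lines):
    """Name the request sent just before a ServiceFault (assumes one request in flight)."""
    names = [n for group in connections(lines) for n in group]
    hits = [prev for prev, cur in zip(names, names[1:]) if cur == "ServiceFault"]
    return hits[0] if hits else None

# Capture summary as posted earlier in the thread (first connection only).
POSTED = ["76 Hello Message", "72 Acknowledge Message",
          "176 OpenSecureChannel message: OpenSecureChannelRequest",
          "179 OpenSecureChannel message: OpenSecureChannelResponse",
          "172 UA Secure Conversation Message: GetEndpointsRequest",
          "1928 UA Secure Conversation Message: GetEndpointsResponse",
          "101 CloseSecureChannel message: CloseSecureChannelRequest"]

# Constructed sample: a second connection following the post's hypothetical case.
HYPOTHETICAL = POSTED + POSTED[:4] + [
    "UA Secure Conversation Message: FindServersOnNetworkRequest",
    "UA Secure Conversation Message: ServiceFault"]
```

For POSTED the result is a missing second connection, which matches the remark that the capture only shows the first part. Since the post allows for small variations in the order, a reported departure marks where to look in the capture and the server log.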

February 21, 2020
6:50, EET
shitaljadhav
Member
Members
Forum Posts: 4
Member Since:
January 31, 2020

Hi,
I tried to connect the OPC UA client to Top Server with encryption and the connection was successful. Then I used the same settings and the same certificates with Prosys OPCUA Server, but I am getting the same error as follows:

[2020-02-21 10:17:13.902 (UTC+0550)] info/client TCP connection established
[2020-02-21 10:17:14.093 (UTC+0550)] info/channel Connection 440 | SecureChannel 2 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2020-02-21 10:17:14.101 (UTC+0550)] info/client Received a ServiceFault response with StatusCode BadServiceUnsupported
[2020-02-21 10:17:14.101 (UTC+0550)] error/client Could not open a Session with StatusCode BadServiceUnsupported

Does this mean the client has requested some service and the server does not support that service?
Am I correct?

February 21, 2020
9:37, EET
Bjarne Boström
Moderator
Moderators
Forum Posts: 983
Member Since:
April 3, 2012

Please read the previous post of mine above yours and check the log files as I instructed.
