Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

BadCertificateRevocationUnknown

More
25 Sep 2018 14:46 #6715 by Nick
Hello,
Thank you for your help.

I pre-generated the application certificate manually and saved it to the certificate store.

Everything is described under:

www.opclabs.com/files/onlinedocs/QuickOpc/Latest/User%27s%20...%20Instance%20Certificate.html

Best regards

Please Log in or Create an account to join the conversation.

More
19 Sep 2018 07:29 #6684 by support
Hello.

1. Switch to the "Manage Certificates" tab.
2. Make sure that "Store Type" is set to Directory.

3a. In the "Store Path", drop-down the list, and select the path ending with "Machine Default". The, press the "View Certificates" button. This is the store for the instance certificates of the UA apps on this computer.
AND/OR
3b. In the "Store Path", drop-down the list, and select the path ending with "UA Applications", and press "View Certificates". This store contains the certificates that are trusted by the UA apps on this computer.

Under normal circumstances, the instance certificate for your app will appear in both these stores, but just ONCE in every store (with the same Subject Name).

You can try to delete any certificates you do not need (or all of them) - you can right-click and choose "Delete". And then, restart your application, making sure it is done under elevated privileges (so that it has write access to the stores). This should re-create the app certificate and store it where it belongs to - if that was the cause of the problem.

Regards

Please Log in or Create an account to join the conversation.

More
19 Sep 2018 07:02 #6682 by Nick
Hello,
Thank you for your help.
The applications has a problem with verifying its *own* instance certificate.
I installed the UA Configuration Tool.
But where can I find the certificates e.g. for your Demo Application "EasyOpcUADemo" that is working.

Best Regards

Please Log in or Create an account to join the conversation.

More
18 Sep 2018 13:10 #6677 by support
Hello,

unfortunately, 5.23 is a rather old version, so we cannot provide any "deep" support for it. If I remember well, in 5.23 this error can basically have two causes (and only in later version the error message distinguishes between the two):

1) It can be that the application has problem verifying its *own* instance certificate,
2) It can be an error indicating that the server's instance certificate could not be verified.

Can you tell whether the client has even attempted to contact the server? This can be done e.g. by shutting down the server, disconnecting the network, or intentionally misspelling the URL. if the error changes, we are dealing with (2). If it does not change, we are dealing with (1).

In both cases, however, the resolution will probably involve analyzing and possibly fixing the contents of certificate stores on the client computer. For that, you will need this tool: www.opclabs.com/products/ua-configuration-tool .

Best regards





And, it is recommended that you upgrade to the newest version, of course.

Best regards

Please Log in or Create an account to join the conversation.

More
18 Sep 2018 10:08 #6674 by Nick
Dear Sir or Madam
we use your QuickOPC 5.23.
When I try to read OPC UA Data with your TestClient "EasyOpcUADemo" everything works. We also used your EasyUaClient integrated in our Testapplication. Now we get the error Message InnerException: OPC-UA service result - BadCertificateRevocationUnknown.
---- SERVICE RESULT ----
StatusCode: {BadCertificateRevocationUnknown} = 0x801B0000 (2149253120)
StatusCode: {BadCertificateRevocationUnknown} = 0x801B0000 (2149253120)
Description: BadCertificateRevocationUnknown
AdditionalInfo: >>> BadCertificateRevocationUnknown
--- at Opc.Ua.CertificateValidator.GetIssuer(X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, Boolean checkRecovationStatus)
--- at Opc.Ua.CertificateValidator.GetIssuers(X509Certificate2 certificate, List`1 issuers)
--- at Opc.Ua.CertificateValidator.InternalValidate(X509Certificate2 certificate)
--- at Opc.Ua.CertificateValidator.Validate(X509Certificate2 certificate)

during Read on different OPC UA Servers.

I only get this Error on my Development-PC. On an other Test-PC I can still connect and Read Data with the same Testapplication.
Your Demo Client also still works.

Where can we handle such Certificate issues in the EasyUaClient?

Best Regards

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.061 seconds