Failure: OPC-UA service result - Unexpected signature algorithm

14 Feb 2019 07:18 #7089 by support
It looks like the server certificate is signed using an unsupported algorithm (or the algorithm is right but its URI is wrong).

QuickOPC supports SHA256, but the algorithm URI is different: www.w3.org/2001/04/xmldsig-more#rsa-sha256 .

The one used by QuickOPC is, to my knowledge, the right one, according to OPC specifications. See e.g. apps.opcfoundation.org/profilereporting/ , Security Category -> Facets -> Miscellaneous -> SecurityPolicy -> SecurityPolicy ...

Best regards
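
The two cases the reply above distinguishes (unsupported algorithm versus the right algorithm under a different URI) can be told apart mechanically from the failure text. The sketch below is an added example, not part of the thread and not QuickOPC code; the function names are hypothetical, the `http://` scheme is assumed because the forum shows the URIs without one, and comparing URI fragments is a triage heuristic only.

```python
import re
from urllib.parse import urlsplit

# URI the support reply gives as the one QuickOPC expects. The forum shows it
# without a scheme; "http://" is an assumption made here.
EXPECTED_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Failure lines copied from the log in this thread, plus one constructed
# line (rsa-sha1) to exercise the "different algorithm" branch.
SAMPLE_LOG = """\
*** Failure: OPC-UA service result - Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256 = BadSecurityChecksFailed.
Description: Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256
Description: Unexpected signature algorithm : http://www.w3.org/2000/09/xmldsig#rsa-sha1
"""

_FAILURE = re.compile(r"Unexpected signature algorithm\s*:\s*(\S+)")


def reported_uris(log_text):
    """Return the distinct algorithm URIs named in failure lines, in order."""
    seen = []
    for match in _FAILURE.finditer(log_text):
        uri = match.group(1).rstrip(".,;")
        if uri not in seen:
            seen.append(uri)
    return seen


def _parts(uri):
    """Split a URI into (namespace, algorithm fragment), ignoring the scheme."""
    if "://" not in uri:
        uri = "http://" + uri
    split = urlsplit(uri)
    return split.netloc.lower() + split.path, split.fragment.lower()


def classify(reported, expected=EXPECTED_URI):
    """Tell a wrong URI for the right algorithm from a different algorithm."""
    reported_ns, reported_alg = _parts(reported)
    expected_ns, expected_alg = _parts(expected)
    if (reported_ns, reported_alg) == (expected_ns, expected_alg):
        return "match"
    if reported_alg == expected_alg:
        return "same-algorithm-different-uri"
    return "different-algorithm"


if __name__ == "__main__":
    for uri in reported_uris(SAMPLE_LOG):
        print(f"{uri}: {classify(uri)}")
```
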

14 Feb 2019 04:53 #7086 by sjscheider
When trying to connect to an OPC-UA server using a cert, I get the error below. Here is the code I'm using, which is basically the example. Any thoughts or suggestions on what is wrong? Is this a server issue or a client issue?

Code:
UAEndpointDescriptor endpointDescriptor = _endpoint;

// Hook static events
EasyUAClient.LogEntry += EasyUAClientOnLogEntry;

try
{
    // Set the application name, which determines the subject of the client certificate.
    // Note that this only works once in each host process.
    EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationName = "XXXXXXXXXXXXXXX";

    // Accept any server certificate, whether or not it is trusted.
    EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = true;

    // Do something - invoke an OPC read, to trigger some loggable entries.
    var client = new EasyUAClient();
    try
    {
        client.ReadValue(endpointDescriptor, "nsu=urn:XXXXXXXXXXXXXXXXXXX;ns=3;i=4");
    }
    catch (UAException uaException)
    {
        Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
    }
}
finally
{
    // Unhook the static event handler again.
    EasyUAClient.LogEntry -= EasyUAClientOnLogEntry;
}

Error:
Information(161): The OPC-UA engine has determined the client instance certificate parameters as listed below.
SubjectName: XXXXXXXXXXXXXXXXXXXXXX
StorePath: %CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault
ApplicationName: XXXXXXXXXXXXXXXXXXXXXX
ApplicationUri: urn:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

*** Failure: OPC-UA service result - Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256 = BadSecurityChecksFailed.
---- SERVICE RESULT ----
Status Code: {BadSecurityChecksFailed} = 0x80130000 (2148728832)
Description: Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256

+ The SDK action called was "static Session.Create".
+ Following (15) events were gathered during the action on activity ID [8], in the order of first occurrence:
Exception: {Opc.Ua.ServiceResultException} Self Signed Certificate is not trusted. IssuerName: OU=Engineering, O=XXXXXXXXXX, L=XXXXXXX, S=XX, C=US, CN=XXXX XXX Controller @127.0.0.1
SDK trace: CreateSession Called. RequestHandle=1, PendingRequestCount=1
[12] SDK trace: Token #0 created. CreatedAt = 04:13:28.662 . Lifetime = 3600000
[7] SDK trace: Token #1 activated. CreatedAt = 04:13:28.662 . Lifetime = 600000
SDK trace: CreateSession Completed. RequestHandle=1, PendingRequestCount=0
SDK trace: Revised session timeout value: 60000.
SDK trace: Max response message size value: 4194304. Max request message size: 0
SDK trace: CloseSession Called. RequestHandle=2, PendingRequestCount=1
SDK trace: CloseSession Completed. RequestHandle=2, PendingRequestCount=0
[6] SDK trace: TCPCLIENTCHANNEL SOCKET CLOSED: 00000A68, ChannelId=3448538912
Exception: {Opc.Ua.ServiceResultException} BadSecureChannelClosed
SDK trace: CloseSession Called. RequestHandle=3, PendingRequestCount=1
2*Exception: {System.ObjectDisposedException} Cannot access a disposed object.
SDK trace: CloseSession Completed. RequestHandle=3, PendingRequestCount=0, StatusCode=Bad
+ Events starting with activity ID in [] may not necessarily be related to the current action.
+ The client method called was 'ReadMultiple'.
Processing log entry events for 10 seconds...
Done.
