Professional OPC
Development Tools

logos

Self-Signed Certificate not Trusted Error When Deploying CPP Application

More
27 Nov 2019 18:12 #8050 by support
Thank you.

I am not sure about what has caused this, but - was there ever a different (older) version of QuickOPC on that machine? If so, the problem pis probably related to the upgrade. The error message (MissingFieldException) looks like than an incorrect version of the (OpcUANodeSet) assembly is being loaded.

Best regards

Please Log in or Create an account to join the conversation.

More
27 Nov 2019 12:16 #8044 by Holbach
Apologies, I meant to attach the log to the first post - going back now I don't see it attached. I have attached it here.

The last three lines from that file:

An exception of type 'System.MissingFieldException' from source 'OpcLabs.EasyOpcUA' has occurred in OPC-UA guarded operation 'SessionConnector.ConnectFunc'. The exception descend follows.

(1) {System.MissingFieldException} OpcLabs.EasyOpcUA(SetupSdkSessionEncodeableTypes) -> Field not found: 'Opc.Ua.Gds.DataTypeIds.ApplicationRecordDataType'.


11:58:22|11/22/19|10005390|MainServiceThread|Named Pipe Created

Please Log in or Create an account to join the conversation.

More
27 Nov 2019 07:55 #8038 by support
Hello, thank you for update. I do not think that registration of COM objects is related to this, however I cannot be sure because you wrote something confusing to me:

"The resulting log file ends with the same "Field not Found" error."

But, I do not think you have reported anything similar to this before. I cannot find any mention of "Field not Found". Can you please clarify - and also include the log/message details, for me to understand whatyou are actually talking about?

Thank you

Please Log in or Create an account to join the conversation.

More
26 Nov 2019 16:19 #8034 by Holbach
Thank you for that - unfortunately it did not do the trick. The resulting log file ends with the same "Field not Found" error. We re-installed the toolkit and did a full install - rather than a production install - and that seems to have done the trick. We are going to keep an eye on this and see if that fix is repeatable on other systems having the same issue. Is it possible that certain COM objects did not properly register during the install and that caused the errors we are seeing here?

Please Log in or Create an account to join the conversation.

More
26 Nov 2019 05:30 #8019 by support
Hello,

this looks like that for an unknown reason, the apps own certificate is not trusted.

I can only guess that things got somehow mixed in the certificate stores. Can you please try the steps described further below.

1. Download, install and run (with elevated privileges) the UA Configuration Tool - see kb.opclabs.com/UA_Configuration_Tool_Overview .
2. Switch to the Manage Certificates tab.
3. Verify that you have ".... UA Appplications" in the Store Path field.
4. Press View Certificates.
5. Locate any certificate that look "yours". Their name will be based on the name the app that has the issue. Select each such certificate, right-click on it, select Delete, and confirm. If you do not have other UA apps on your computer to be concerned about, you can delete all certificate that you see. When done, press OK.
6. click on the drop-down next to "Store Path", and select "... Machine Default".
7. Repeat steps 4 and 5 on the Machine Default store.
8. Close the UA Configuration Tool.

Then, try to run the app again. Make sure you run it - at least the first time - with elevated (admin) privileges. They are usually needed to store new certs into the certificate stores.

This may help - let me know about the outcome. If it doesn't, we will try further.

Best regards

Please Log in or Create an account to join the conversation.

More
25 Nov 2019 23:04 #8018 by Holbach
We are seeing the following error when deploying a C++ application on some machines. This does not happen on all machines this application is deployed to:

+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".
+ Following (5) events were gathered during the action on activity ID [1], in the order of first occurrence:
SDK trace: Checking application instance certificate.
SDK trace: Checking application instance certificate. CN=Station_Service, DC=L4OP-SP
Exception: {Opc.Ua.ServiceResultException} Self Signed Certificate is not trusted. IssuerName: CN=Station_Service, DC=L4OP-SP
SDK trace: Certificate 'CN=Station_Service, DC=L4OP-SP' rejected. Reason=BadCertificateUntrusted
SDK trace: Writing rejected certificate to directory: [Directory]ommonApplicationData\OPC Foundation\CertificateStores\RejectedCertificates
+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.
+ The certificate generator path was "C:\ClydeInline\Station\Opc.Ua.CertificateGenerator.exe".
+ This is an engine-level error.DataChangeNotification Exception OpcLabs.EasyOpc.UA.UAServiceException: OPC-UA service result - Self Signed Certificate is not trusted.
IssuerName: CN=Station_Service, DC=L4OP-SP = BadCertificateUntrusted.

The application certificate is being generated as expected but being moved to the RejectedCertificates directory (as the error suggests). Code wise there is no difference between systems where the certificate is accepted, and machines where the certificate is not accepted.

Version in use here is 5.54.1156.1. I have attached the content of the log file generated when hooking into the UAClient LogEntry Event Handler.

Is there something obvious that I am missing here?

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.188 seconds

      

 Recommend this on Google