Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Certificate's signature algorithm

More
01 Jun 2020 10:14 #8531 by KrisSik
Hi,

They are attached to this message.
Attachments:

Please Log in or Create an account to join the conversation.

More
01 Jun 2020 10:10 #8530 by support
Hello,
can you please post your modified .config file as well? The problem is that I do not see the entries I expected in the trace file. So, I want to check if the .config file is OK.

Thank you

Please Log in or Create an account to join the conversation.

More
01 Jun 2020 07:51 #8529 by KrisSik
Oops, forgot to attach the file.
Attachments:

Please Log in or Create an account to join the conversation.

More
01 Jun 2020 07:49 #8528 by KrisSik
Hi,

I repeated those actions with enabled extended traces. Please, find the file with traces in the attachments.

Best regards,
Kristian

Please Log in or Create an account to join the conversation.

More
30 May 2020 05:58 #8526 by support
Thank you.

The certificate is probably being rejected for some reason, but the normal log entry do not contain enough information.
We need to go deeper. Can you please enable the extended tracing (kb.opclabs.com/QuickOPC:_How_to_enable_extended_tracing ) and provide us with the collected data.

Kind regards

Please Log in or Create an account to join the conversation.

More
29 May 2020 08:27 #8522 by KrisSik
Hello,

Yes I did put the files in the following locations:
C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\private\MYH3 [2B62F0474B87FA86E543B61E6C1A4BC3D144D3C2].pfx
C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs\MYH3 [2B62F0474B87FA86E543B61E6C1A4BC3D144D3C2].der
C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs\MYH3 [2B62F0474B87FA86E543B61E6C1A4BC3D144D3C2].der

And after connection attempt they are deleted and replace by the following newly generated certificate files:
C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\private\MYH3 [0083C1A616A2BBFA810632DDB116D3A1E451F42B].pfx
C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs\MYH3 [0083C1A616A2BBFA810632DDB116D3A1E451F42B].der
C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs\MYH3 [0083C1A616A2BBFA810632DDB116D3A1E451F42B].der

Best regards,
Kristian

Please Log in or Create an account to join the conversation.

More
28 May 2020 17:44 #8520 by support
Hello.

Let me repeat my question: Do you also put your certificate (as .DER, without private key) to the Trusted peers certificate store?

Regards

Please Log in or Create an account to join the conversation.

More
28 May 2020 12:43 #8519 by KrisSik
Hello,

Let me describe the actions I did:
1. Placed the certificate (.pfx file) in the application instance certificate store.
2. Updated the EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationName to match Common Name (CN) property from certificate's subject.
3. Initialized the EasyUAClient and tried to browse the node.

As a result, a new certificate is being generated and old one is deleted. The server's rejected certificates store contains already new generated certificate.
Please, find the logs file attached to this message.

Best regards,
Kristian
Attachments:

Please Log in or Create an account to join the conversation.

More
23 May 2020 11:32 #8502 by support
That is a complicated process, but in general, an existing certificate for the specified subject name should be kept (and not replaced) and used, as long as it itself validates (I think that it thus should also be in the Trusted store!) and fulfills additional conditions such as that the key size is not too low.

For initial diagnostics , please hook a handler to the (static) EasyUAClient.LogEntry event, and send us the events generated when QuickOPC replaces the certificate when it "should not. If there is a confidential information in it, email it to support09 (at) opclabs.com instead of posting here.

Best regards

Please Log in or Create an account to join the conversation.

More
23 May 2020 10:11 #8500 by support
No, you cannot. QuickOPC relies on the behavior of UA Certificate generator (OPC Foundation) with most default settings.

QuickOPC will automatically create *some* certificate for you, without you having to specify anything, or allowing you to specify just the very basics (application name). This is an intentional design decision: There are so many ways and options the certificate can be generated, that even if we provided more option, there will always be somebody saying that they want their certificate be different.

If the certificate you get by the "automatic" process is not what you want, you need to generate one yourself by whatever means you choose, and then point QuickOPC to that certificate. This gives you total control of the certificate used, if you need it.

I understand from your other post that you have a problem with that approach as well, and I will reply to that post separately. But it is the right way to do it.

Best regards

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.063 seconds