Professional OPC
Development Tools


Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

OPCuA durch eine Firewall oder einen ssh-Tunnel

20 Feb 2024 17:43 #12569 by support
Examples for OPC client and subscriber development in Python are now on GitHub: .

Please Log in or Create an account to join the conversation.

21 Nov 2023 13:32 #12394 by support
Note: QuickOPC now supports Python in much better way, cleaner syntax, and public packages ( on Python Package Index . See What's new in QuickOPC 2023.2 for more information. And, over 270 examples are available in the User's Guide!

Please Log in or Create an account to join the conversation.

17 Feb 2021 07:47 #9456 by support
Good that you found a workaround, but if you still want to resolve the issue with the original setup, let me know.

If you are really getting the precise error message on the problematic computers and not something else (the errors may look confusingly same at the first sight), then let me repeat, the problem is not at all related to how you connect from QuickOPC, and all those SSH/DNAT things. It has to do with creation or checking the client instance certificate, which is independent from what later happens, connection-wise.


Please Log in or Create an account to join the conversation.

17 Feb 2021 07:43 #9455 by support
It is weird that there are no certificates in the store. Are you sure that you are looking at the right store? (follow the procedure carefully).

If you are looking at the right store but no certificates are there, are you sure you are running the program at least one with elevated privileges? This may be difference between the computers you are using. I know this gets into IT knowledge etc., but it cannot be avoided. Basically, in order for the certificate be placed to the store for the first time, it is possible that not only you need to be an administrator of the machine, but (depending on the UAC settings) you specifically have to tell Windows you want to run as administrator. And, if your program is in Python, this may mean you need to run Python in this way. It can get complicated, yes.

If you could you provide me with remote access to the machine, I might be able to resolve it remotely.

You cannot use certificate from other application (UAExpert), because it has a different subject name.

Best regards

Please Log in or Create an account to join the conversation.

16 Feb 2021 18:44 #9454 by Kannix
it does'nt work wirh easy-opc.

i am programming a "workaround" :
the students get a class, which connects a win-server in school by http through a ssh-tunnel.
on this server, a python-cgi runs the tools of opclabs easy-opc, and so i can connect my plc.

this way, it works ...

Please Log in or Create an account to join the conversation.

16 Feb 2021 12:46 #9453 by Kannix
I deinstalled quick-opc and installed a version, that runs in school with no problems : quickopc2018.
i tried to contact my plant, but the same error was given.

with the launcher and its ua configuration tool, i opened the certificate store : "no certificates are in the store!

now i connected the plc with ua-expert opc client, and tried to import the certificate generated into the opc-labs store. it worked, but there is still the same error.

what to do ?

Please Log in or Create an account to join the conversation.

16 Feb 2021 10:43 #9452 by support

This error is not related to the DNAT or SSH usage; in fact, it is strictly "local" problem, not related to any connections made out of your application. The error indicates a problem with application's own instance certificate. The use of it cannot be turned off, unfortunately.

It is not clear what is causing the error - some users have reported it earlier, and as far as I can tell always with non-English Windows.

The help might be to delete the existing certificate, which will force QuickOPC to generate a new one. The procedure for it is here:

You probably will not have many OPC UA applications on the system, so recognizing the right certificate to delete should not be a problem. I do not know how the certificate name will look like, but if you are running from Python, it may even have the Python executable name in it.

I hope this helps. Let me know.
Best regards

Please Log in or Create an account to join the conversation.

16 Feb 2021 08:44 #9450 by Kannix

hier in der Technikerschule München betreiben wir auf sehr niedrigem Niveau Programmierung mit OPCuA.
Mit dem Toolkit von OPCLabs prgrammieren wir in Python Zugriffe auf diverse SPS-Stuerungen.
Nun (Corona etc.) benötigen wir diese Zugriffe für Praxisübungen remote, also von den Heimrechnern der Schüler auf die Anlage in der Schule.

Ich möchte zwei Wege : DNAT über die Firewall, und ssh-Tunnel durch ein Linux auf die Steuerung.

Es funktioniert leider nicht, mit folgender Fehlermeldung :

File "<COMObject OpcLabs.EasyOPC.UA.EasyUAClient>", line 2, in ReadValue File "C:\python\lib\site-packages\win32com\client\",
line 271, in _ApplyTypes_
result = self._oleobj_.InvokeTypes(*(dispid,
LCID, wFlags, retType, argTypes) + args)
pywintypes.com_error: (-2147352567,
'Ausnahmefehler aufgetreten.', (0, 'mscorlib', 'Das angegebene Netzwerkkennwort ist falsch.\r\n\r\n+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".\r\n+
Following (1) events were gathered during the action on activity ID [10], in the order of first occurrence:\r\n SDK trace: Checking application instance certificate.\r\n+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.\r\n+ The certificate generator path was "C:\\python\\Opc.Ua.CertificateGenerator.exe".\r\n+
This is an engine-level error.\r\n+ The client method called was \'ReadMultiple\'.', None, 0, -2147024810), None)

> Es liegt wohl am Zertifikatshandling, und dort am fehlerhaften Hostnamen durch den indirekten Zugriff ?

Ich verstehe nicht genug davon, um da selber einzugreifen. Optimal wäre, wenn ich den Zertifikatsmechanismus einfach ausschalten könnte, aber das muß unkompliziert machbar sein ;-)

Hilfe wäre super, es hängen viele Praktika mit Schülern daran, die sonst nicht durchgeführt werden können !

Reiner Doll

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.055 seconds