OPC UA Connection (Error: BadSecurityChecksFailed) [message #1854802] |
Mon, 12 September 2022 08:18  |
Eclipse User |
|
|
|
Hello,
I have an issue (Error: BadSecurityChecksFailed) with a connection to a third party OPC UA server (Ignition OPC UA Server). I have compiled the forte with open62541 and mbedtls libraries according to manual and created a config file.
My question is: What can cause this error and how can i fix it? P.S. With forte's OPC UA it works, I can publish nodes and subscribe to them like it described in manual, so its probably not the problem of open62541.
All software is installed on one laptop (Win 10), 4DIAC IDE 2.0.1, Ignition 8. 1.19. I do not have much experience with security so i suppose that the problem could be in my certificates. Below in attachment are pictures i decided can be useful.
Error messsage:
INFO: T#834772112449: [CConfigFileParser]: Configuration file configSecurity.forte opened
[2022-09-12 12:51:26.513 (UTC+0200)] error/securitypolicy Could not create securityContext: BadSecurityChecksFailed
ERROR: T#834772618949: [CUA_ClientConfigFileParser]: Error setting client configuration. Error: BadSecurityChecksFailed
INFO: T#834772670549: [CConfigFileParser]: Closing configuration file
INFO: T#834772737649: [OPC UA CLIENT]: Uninitializing client opc.tcp://localhost:62541
For generating of certificates i use OpenSSL by using this command:
req -new -x509 -config opcuaviewer.config -newkey rsa:2048 -keyout opcuaviewer.key -nodes -outform der -out opcuaviewer.der
my OpenSSL opcuaviewer.config file:
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = subject
req_extensions = req_ext
x509_extensions = req_ext
string_mask = utf8only
prompt = no
[ req_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = clientAuth,serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier=keyid:always,issuer:always
[ subject ]
countryName = AT
stateOrProvinceName = Wien
localityName = Yegor
organizationName = TU
commonName = ACIN
my forte configSecurity.forte config file:
endpoint=opc.tcp://localhost:62541
username=opcuauser
password=password
certificate=C:/4diac/forte/build/src/Release/opcuaclient.der
privateKey=C:/4diac/forte/build/src/Release/opcuaclient.pem
securityPolicy=http:/ /opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
securityMode=3
|
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.03938 seconds