OPC UA Connection (Error: BadSecurityChecksFailed) [message #1854802]
Mon, 12 September 2022 12:18

Hello,
I have an issue (Error: BadSecurityChecksFailed) with a connection to a third-party OPC UA server (Ignition OPC UA Server). I have compiled forte with the open62541 and mbedtls libraries according to the manual and created a config file.
My question is: What can cause this error and how can I fix it? P.S. With forte's OPC UA it works, I can publish nodes and subscribe to them as described in the manual, so it's probably not a problem with open62541.
All software is installed on one laptop (Win 10), 4DIAC IDE 2.0.1, Ignition 8.1.19. I do not have much experience with security, so I suppose that the problem could be in my certificates. Below in the attachment are pictures I decided could be useful.
Error message:
INFO: T#834772112449: [CConfigFileParser]: Configuration file configSecurity.forte opened
[2022-09-12 12:51:26.513 (UTC+0200)] error/securitypolicy Could not create securityContext: BadSecurityChecksFailed
ERROR: T#834772618949: [CUA_ClientConfigFileParser]: Error setting client configuration. Error: BadSecurityChecksFailed
INFO: T#834772670549: [CConfigFileParser]: Closing configuration file
INFO: T#834772737649: [OPC UA CLIENT]: Uninitializing client opc.tcp://localhost:62541
For generating the certificates I use OpenSSL with this command:
req -new -x509 -config opcuaviewer.config -newkey rsa:2048 -keyout opcuaviewer.key -nodes -outform der -out opcuaviewer.der
My OpenSSL opcuaviewer.config file:
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = subject
req_extensions = req_ext
x509_extensions = req_ext
string_mask = utf8only
prompt = no
[ req_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = clientAuth,serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier=keyid:always,issuer:always
[ subject ]
countryName = AT
stateOrProvinceName = Wien
localityName = Yegor
organizationName = TU
commonName = ACIN
My forte configSecurity.forte config file:
endpoint=opc.tcp://localhost:62541
username=opcuauser
password=password
certificate=C:/4diac/forte/build/src/Release/opcuaclient.der
privateKey=C:/4diac/forte/build/src/Release/opcuaclient.pem
securityPolicy=http:/ /opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
securityMode=3
Re: OPC UA Connection (Error: BadSecurityChecksFailed) [message #1854829 is a reply to message #1854818]
Tue, 13 September 2022 15:58

Thank you for the link.
I have also checked the manual:
https://www.eclipse.org/4diac/en_help.php?helppage=html/communication/opc_ua_version1.html
and noticed that both the certificate and the key have .der format. So I have used the additional parameter "-keyform der", which I found in the OpenSSL documentation, so now the OpenSSL command looks like this:
req -new -x509 -config opcuaconfig.config -newkey rsa:2048 -keyform der -keyout opcuaviewer_key.der -nodes -outform der -out opcuaviewer_cert.der
Unfortunately it didn't help, the error is still there.
Also I have tried to change the server's Security Policies to "None" instead of "Basic256Sha256". It also didn't help. I can easily connect with UaExpert or the Ignition Client to the Ignition OPC server (no matter what the Security Policies are) or to forte's OPC server. But in the case of 4DIAC to the Ignition OPC server it is always the same error.
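
A check for the files named in a forte config like the one posted above, added here as an example (it is not part of the thread, 4diac or open62541): it reports whether each file is binary DER or PEM text, which is worth confirming because `openssl req -keyout` writes a newly generated key as PEM, while `-outform` governs the certificate and `-keyform` a key read with `-key`. The function names, sample bytes and sample paths are constructed for illustration; only the `certificate` and `privateKey` config keys come from the post.

```python
import base64
import binascii
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample data (NOT a real key): DER SEQUENCE { INTEGER 0 }.
SAMPLE_DER = bytes.fromhex("3003020100")
SAMPLE_PEM = (b"-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END PRIVATE KEY-----\n")

def is_single_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length field matches."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short form: length in one byte
        length, header = data[1], 2
    else:                                   # long form: next n bytes hold length
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return False
        length, header = int.from_bytes(data[2:2 + n], "big"), 2 + n
    return header + length == len(data)

def classify(data: bytes) -> str:
    """Return 'DER', 'PEM (<label>)' or 'unknown' for key/certificate bytes."""
    if is_single_der_sequence(data):
        return "DER"
    m = PEM_RE.search(data)
    if m:
        try:
            body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except binascii.Error:
            return "unknown"
        if is_single_der_sequence(body):
            return f"PEM ({m.group(1).decode()})"
    return "unknown"

def check_forte_config(text: str, read=lambda p: open(p, "rb").read()) -> dict:
    """Classify the files named by certificate= and privateKey= in a forte config."""
    result = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("certificate", "privateKey"):
            result[key.strip()] = classify(read(value.strip()))
    return result

if __name__ == "__main__":
    import sys
    print(check_forte_config(open(sys.argv[1]).read()))
```

Run it with the path to the config file as the only argument; a `.der` file name that classifies as `PEM (...)` means the extension and the actual encoding disagree.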