- Posts: 345
- Thank you received: 4
Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-Classic in .NET
- Browsing, Browse Dialogs and Controls
- Exception while trying to connect to an OPC UA Server
Exception while trying to connect to an OPC UA Server
Yes. Windows Forms.
We get an exception. You can see the details in the attached PDF.
Thank you.
Michael
Attachments:
Please Log in or Create an account to join the conversation.
You say that connection cannot be established with the "insecure" setting - but is it giving the very same error? (that would be weird).
Regards
BTW, I understand your application is Windows Forms, right? Doesn't it pop-up any dialog when trying to connect to that server? (QuickOPC should do it, for otherwise unaccepted certificates).
Please Log in or Create an account to join the conversation.
The missing folder is kind of weird, but given that other folders. Besides the one mentioned, I would also expect the "RejectedCertificates" folder be there (in total, 4 subfolders). But yes, if it is missing, create it please.
Regards
Please Log in or Create an account to join the conversation.
If gAcceptAnyCertificate Then
EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = True
End If
Any idea why?
Thank you.
Michael
Attachments:
Please Log in or Create an account to join the conversation.
You have mentioned that the certificate should be placed in these folder:
"C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs"
and
"C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".
My customer says that the following folder does not exist on his computer.
"C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs"
Should we manually create this folder and place the certificate in it?
See the attached screen capture.
Thank you.
Michael
Attachments:
Please Log in or Create an account to join the conversation.
Michael
Please Log in or Create an account to join the conversation.
I was referring to certificate stores on the client side. I gave the default locations that QuickOPC uses.
Regards
Please Log in or Create an account to join the conversation.
Thank you for your answer.
I think that you take it too personal... why should I make fun of you?!
I am aware that the connection is insecure, but it is a connection and the customer can see values in UA Expert...See page 10 of 13.
Regarding to your suggestion, ("The proper way of resolving this is, as I wrote: The CA certificate(s) need to be placed into the Trusted issuers store (in addition to Trusted peers). This should not be too difficult. They just need to know where their server got the certificate from (the CA). Then, whoever runs the CA should be able to give them CA cert (public part; in .DER format). And then just place it to "C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs" and "C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".)
Is it on the server side or client side?
Michael
Please Log in or Create an account to join the conversation.
I cannot resist the feeling that you are making fun of me. Have you even looked at the document?!
They are getting the SAME BadCertificateChainIncomplete error as you get with QuickOPC:
And then they forcefully accept the otherwise untrusted certificate:
So this is PRECISELY what I have predicted. They are NOT connecting securely, because they cannot be sure that the server they are connecting to is genuine, or fake/rogue.
The proper way of resolving this is, as I wrote: The CA certificate(s) need to be placed into the Trusted issuers store (in addition to Trusted peers).
This should not be too difficult. They just need to know where their server got the certificate from (the CA). Then, whoever runs the CA should be able to give them CA cert (public part; in .DER format). And then just place it to "C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs" and "C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".
The IMPROPER (insecure) way of "resolving" it is e.g.
- in UA Expert, accepting the certificate forcefully, as they did,
- In QuickOPC applications: Set EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate to True (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User's...licy~AcceptAnyCertificate.html ).
Regards
Attachments:
Please Log in or Create an account to join the conversation.
Thanks.
Michael
Attachments:
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-Classic in .NET
- Browsing, Browse Dialogs and Controls
- Exception while trying to connect to an OPC UA Server