Hello,

thanks for letting me know. I apologize for late answer, I am busy at OPC Interoperability Workshop in the U.S.
I wanted to point you to opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Instance%20Certificate.html
for additional information, and possibly gather an information about the locations in which the UA Certificate generator file is looked for. But you have already found it.

Best regards

We were able to get this resolved, and it WAS a very mismatch, but one of our own creation. It turned out the wrong version of the toolkit was installed on the machine.

Very sorry for the confusion, and we appreciate the information regarding the 'behind-the-scenes' process that the toolkit goes through when generating certs.

Great, thank you for the response. We would like to give option 2 a shot, with option 3 as the fallback. Which version of the Opc.Ua.CertificateGenerator.exe should we be using, or and where should we place it?

We will look to hook int the EasyUAClient.LogEntry handler and see if this provides any additional information.

It might be permission related, and it probably is, but in a very convoluted way.
Here is some background:

There are multiple versions of UA certificate generator "in the wild", with difference(s) in the syntax (-hashSize among them).
QuickOPC comes with an embedded binary of UA certificate generator which it tries to use - this assures that the syntax is always right, because we would be calling the version for which we have written the code.

But the process of running this "embedded" UA certiticate generator executable *does* require some permissions (such as for placing files on disk).
If it fails, there should be something in the QuickOPC logs (EasyUAClient.LogEntry) I believe, and a "standard" procedure for location UA certificate generator kicks in, looking for preexisting file at multiple places in the file system. it is possible that this then finds a version of the UA certificate generator that was already there (e.g. installed by other OPC UA product), but is different from what we expect.

Possible solutions might be:
1. Give the process enough permissions. Probably not a good idea under IIS, for security reasons.
2. Replace the version on disk with the right version (I may help with that).
3. Generate the certificate manually upfront, and have your app simply use it, without generating it automatically by itself (there should be instructions for this in the User's Guide).

Best regards

We are moving an application to Server 2016, which is using toolkit version 5.34.

When we try to run the application (which is using an EasyUAClient object) we see the following when the certificate generation fails, however running the sample client generates a certificate just fine on the machine. Is this potentially permissions related? the reference to the hashSize makes me think not.


2020-03-10 10:04:28.4042|INFO|The OPC-UA engine is connecting to the underlying subsystems.
2020-03-10 10:04:28.4042|INFO|OPC-UA engine SDK configuration successfully provided by "OpcLabs.EasyOpc.UA.Toolkit.InternalSdkConfigurationProvider".
2020-03-10 10:04:28.5761|INFO|The OPC-UA engine has determined the client certificate parameters as listed below.
SubjectName: IIS Worker Process
ApplicationName: IIS Worker Process
ApplicationUri: urn:XXXXXX:w3wp.exe:10.0.14393.0%20%28rs1_release.160715-1616%29
ProductUri: urn:literal:string:Internet%20Information%20Services

2020-03-10 10:04:29.0917|INFO|The OPC-UA client session on endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380" failed at tick 3105562 and will retry in 10000 milliseconds.
2020-03-10 10:04:29.0917|INFO|The status subscription for an OPC-UA session on endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380" is in failure. Further such warnings on this session will not be logged.
OPC-UA service result - Could not create a certificate via a proxy: -error Unprocessed arguments exist possible syntax error: -hashSize .
---- SERVICE RESULT ----
StatusCode: {Bad} = 0x80000000 (2147483648)

2020-03-10 10:04:29.1073|INFO|The OPC-UA client session is connecting to endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380".
2020-03-10 10:04:29.1073|INFO|The OPC-UA client session failed to connect to endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380".
OPC-UA service result - Could not create a certificate via a proxy: -error Unprocessed arguments exist possible syntax error: -hashSize .
---- SERVICE RESULT ----
StatusCode: {Bad} = 0x80000000 (2147483648)