Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Could not create certificate via proxy error with hashSize

More
13 Mar 2020 00:52 - 13 Mar 2020 00:53 #8299 by support
Hello,

thanks for letting me know. I apologize for late answer, I am busy at OPC Interoperability Workshop in the U.S.
I wanted to point you to opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Instance%20Certificate.html
for additional information, and possibly gather an information about the locations in which the UA Certificate generator file is looked for. But you have already found it.

Best regards
Last edit: 13 Mar 2020 00:53 by support.

Please Log in or Create an account to join the conversation.

More
12 Mar 2020 21:05 #8297 by Holbach
We were able to get this resolved, and it WAS a very mismatch, but one of our own creation. It turned out the wrong version of the toolkit was installed on the machine.

Very sorry for the confusion, and we appreciate the information regarding the 'behind-the-scenes' process that the toolkit goes through when generating certs.

Please Log in or Create an account to join the conversation.

More
12 Mar 2020 11:41 #8296 by Holbach
Great, thank you for the response. We would like to give option 2 a shot, with option 3 as the fallback. Which version of the Opc.Ua.CertificateGenerator.exe should we be using, or and where should we place it?

We will look to hook int the EasyUAClient.LogEntry handler and see if this provides any additional information.

Please Log in or Create an account to join the conversation.

More
11 Mar 2020 21:51 #8294 by support
It might be permission related, and it probably is, but in a very convoluted way.
Here is some background:

There are multiple versions of UA certificate generator "in the wild", with difference(s) in the syntax (-hashSize among them).
QuickOPC comes with an embedded binary of UA certificate generator which it tries to use - this assures that the syntax is always right, because we would be calling the version for which we have written the code.

But the process of running this "embedded" UA certiticate generator executable *does* require some permissions (such as for placing files on disk).
If it fails, there should be something in the QuickOPC logs (EasyUAClient.LogEntry) I believe, and a "standard" procedure for location UA certificate generator kicks in, looking for preexisting file at multiple places in the file system. it is possible that this then finds a version of the UA certificate generator that was already there (e.g. installed by other OPC UA product), but is different from what we expect.

Possible solutions might be:
1. Give the process enough permissions. Probably not a good idea under IIS, for security reasons.
2. Replace the version on disk with the right version (I may help with that).
3. Generate the certificate manually upfront, and have your app simply use it, without generating it automatically by itself (there should be instructions for this in the User's Guide).

Best regards

Please Log in or Create an account to join the conversation.

More
11 Mar 2020 19:59 #8293 by Holbach
We are moving an application to Server 2016, which is using toolkit version 5.34.

When we try to run the application (which is using an EasyUAClient object) we see the following when the certificate generation fails, however running the sample client generates a certificate just fine on the machine. Is this potentially permissions related? the reference to the hashSize makes me think not.


2020-03-10 10:04:28.4042|INFO|The OPC-UA engine is connecting to the underlying subsystems.
2020-03-10 10:04:28.4042|INFO|OPC-UA engine SDK configuration successfully provided by "OpcLabs.EasyOpc.UA.Toolkit.InternalSdkConfigurationProvider".
2020-03-10 10:04:28.5761|INFO|The OPC-UA engine has determined the client certificate parameters as listed below.
SubjectName: IIS Worker Process
ApplicationName: IIS Worker Process
ApplicationUri: urn:XXXXXX:w3wp.exe:10.0.14393.0%20%28rs1_release.160715-1616%29
ProductUri: urn:literal:string:Internet%20Information%20Services

2020-03-10 10:04:29.0917|INFO|The OPC-UA client session on endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380" failed at tick 3105562 and will retry in 10000 milliseconds.
2020-03-10 10:04:29.0917|INFO|The status subscription for an OPC-UA session on endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380" is in failure. Further such warnings on this session will not be logged.
OPC-UA service result - Could not create a certificate via a proxy: -error Unprocessed arguments exist possible syntax error: -hashSize .
---- SERVICE RESULT ----
StatusCode: {Bad} = 0x80000000 (2147483648)

2020-03-10 10:04:29.1073|INFO|The OPC-UA client session is connecting to endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380".
2020-03-10 10:04:29.1073|INFO|The OPC-UA client session failed to connect to endpoint URL "opc.tcp://xxx.xxx.xxx.xxx:49380".
OPC-UA service result - Could not create a certificate via a proxy: -error Unprocessed arguments exist possible syntax error: -hashSize .
---- SERVICE RESULT ----
StatusCode: {Bad} = 0x80000000 (2147483648)

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.052 seconds