Professional OPC
Development Tools

logos

lupa

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

  1. Forum
  3. Discussions
  5. Feature Requests & Product Improvement Ideas
  7. Certificate Error

Certificate Error

More
30 Dec 2021 14:03 - 30 Dec 2021 14:10 #10526 by support
Replied by support on topic Certificate Error
I think the problem did away in relation to the new version, and not because of the extra instructions you provided.

On itself, these instruction do not have any effect on the OPC operations, because the CertificateAcceptancePolicy object you created is just an in-memory structure holding the policy parameters. In order for this to work, you would need to assign the "trustedCert" to the .SharedParameters. of the EasyUAClientManagement object. Much more usual approach would be *not* to create a new CertificateAcceptancePolicy, but simply set the parameters of the existing one, something like (not verified)
myEasyUAClientManagement = CREATEOBJECT ("OpcLabs.EasyOpc.UA.EasyUAClientManagement")
myEasyUAClientManagement.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = .T.

Back to the original problem, it hopefully it will not appear again. But it had to do not with the server certificate, but own (client) certificate. My advise to you, after checking the software version, would have been to remove the own certificate from the certificate store, and re-start the application at least one with admin (elevated) privileges, so that a new client cert is created.

The OPC UA Configuration Tool is from OPC Foundation. Parts of its functionality can be used to manage QuickOPC applications (and some other OPC UA applications, but not all of them), other parts are basically useless for your purpose. Documentation link is in this article: kb.opclabs.com/UA_Configuration_Tool_Overview .

Best regards
Last edit: 30 Dec 2021 14:10 by support.

Please Log in or Create an account to join the conversation.

More
30 Dec 2021 08:53 #10525 by info@software2000.it
Replied by info@software2000.it on topic Certificate Error
Now I have upgraded to the latest version and inserted these two obstructions in the code and it would seem to go, did I do it right?

trustedCert = CREATEOBJECT ("OpcLabs.BaseLib.Security.CertificateAcceptancePolicy")
trustedCert.AcceptAnyCertificate = .T.

Is there a guide to using the configuration program (OPC UA Configuration Tool) where I can insert certificates and associate the apps that use them?


thanks a lot

Please Log in or Create an account to join the conversation.

More
29 Dec 2021 18:14 #10518 by support
Replied by support on topic Certificate Error
The error message does not correspond to what latest version (2021.3) does.
Which QuickOPC version are you using?

Thank you

Please Log in or Create an account to join the conversation.

More
29 Dec 2021 17:27 #10516 by info@software2000.it
Certificate Error was created by info@software2000.it
Good evening,
when I try to read a value from the OPC-UA server in the development environment, everything is OK while in production by the client, it exits me in the reception property, the following is reported to me, how can I generate or tell him that the certificate is trusted ?:

"OPC-UA service result - Self Signed Certificate is not trusted.
IssuerName: CN = AD HOC REVOLUTION 8.0, DC = IND40 = BadCertificateUntrusted.
---- SERVICE RESULT ----
Status Code: {BadCertificateUntrusted} = 0x801A0000 (2149187584)
- = - = - Description: Self Signed Certificate is not trusted.
IssuerName: CN = AD HOC REVOLUTION 8.0, DC = IND40
Additional Info: <ExceptionTrace>

---- REMARKS ----
One reason for this error could be that the server certificate is not trusted by the client. The error can be resolved by properly configuring the certificate trusts. For development and testing purposes, or if your application does not require the server certificate check, you can set EasyUAClient.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = true in your application to bypass the server certificate check on the client side, or (a bit safer) , include the endpoint URL of your server in EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.TrustedEndpointUrlStrings list.

+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".
+ Following (5) events were gathered during the action on activity ID [10], in the order of first occurrence:
SDK trace: Checking application instance certificate.
SDK trace: Checking application instance certificate. CN = AD HOC REVOLUTION 8.0, DC = IND40
Exception: {Opc.Ua.ServiceResultException} Self Signed Certificate is not trusted. IssuerName: CN = AD HOC REVOLUTION 8.0, DC = IND40
SDK trace: Certificate 'CN = AD HOC REVOLUTION 8.0, DC = IND40' rejected. Reason = BadCertificateUntrusted
SDK trace: Writing rejected certificate to directory: [Directory]% CommonApplicationData% \ OPC Foundation \ CertificateStores \ RejectedCertificates
+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.
+ The certificate generator path was "C: \ Zucchetti \ ahr80 \ exe \ Opc.Ua.CertificateGenerator.exe".
+ This is an engine-level error.
+ The client method called was 'ReadMultiple'. "

Please Log in or Create an account to join the conversation.

Moderators: support
  1. Forum
  3. Discussions
  5. Feature Requests & Product Improvement Ideas
  7. Certificate Error
Time to create page: 0.048 seconds