Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Exception in SDK action ApplicationInstance.CheckApplicationInstanceCertificate
Exception in SDK action ApplicationInstance.CheckApplicationInstanceCertificate
Please Log in or Create an account to join the conversation.
opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ic%20Certificate%20Stores.html
and store an absolute path into EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore .
Best regards
Please Log in or Create an account to join the conversation.
support wrote: Hello.
Have you tried to use a directory-based store, but still with the .NET Framework?
Regards
I didn't change the default:
> When targeting .NET Framework, all certificates that QuickOPC works with are located in some "shared" directory-based certificate store by default. (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html)
And i can't use localfolder for full framework:
> On .NET Standard development platform only: "%LocalFolder%" (case sensitive) (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ry%20Certificate%20Stores.html)
Please Log in or Create an account to join the conversation.
Have you tried to use a directory-based store, but still with the .NET Framework?
Regards
Please Log in or Create an account to join the conversation.
Referencing the .net standard dlls under .net framework directly, the problem does't occur for me. That makes sense, as the .net standard toolkit saves the certificates in the executable directory instead of the windows certificate storesupport wrote: Yes, a different version of OPC UA stack/SDK is used by QuickOPC in .NET Core as opposed to .NET Framework, so it is possible that there are differences (or, the difference is in the .NET runtime itself).
Yes, starting the application once with elevated privileges doesn't help.support wrote: But it should not be needed for suibsequent runs - which I understand is your case, correct?
I asked our IT support. There shouldn't be any policies in effect.support wrote: I am hypothesizing that there might be some policies in effect that restrict the access even for some "harmless" operations.
Please Log in or Create an account to join the conversation.
QuickOPC attempts to find the application certificate in the certificate store and if it does not find, it attempts to create it and save it into the store. Normally, it is the saving of the certificate into the store that requires elevate dprivileges - and it is therefore normal that running the application as administrator is required the first time it runs. But it should not be needed for suibsequent runs - which I understand is your case, correct? But still, the issue seems to be related to the permission of the user account used - and you might be right about the Azure AD. I am hypothesizing that there might be some policies in effect that restrict the access even for some "harmless" operations.
Sadly, I cannot offer more concrete suggestions or help. You may try to experiment with choosing different cert store, or a specific certificate:
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Instance%20Certificate.html
Best regards
Please Log in or Create an account to join the conversation.
Sadly can't use .net core yet for an wpf application
Please Log in or Create an account to join the conversation.
I already tried deleting all stored certificates with the "UA Configuration Tool".
The simplest step to reproduce the error is to call "EasyUAClient.Install();", but it also happens for the "Read"-Methods of the EasyUAClient.
The only workaround I found is to run the application as administrator.
Using the Official OPC UA .Net Standard Stack (1.4.356) in the current version directly, the error doesn't occur. I saw that the toolkit does't use the current version. Maybe an update of the embedded SDK could help?
Tested Versions:
5.54.1311 net46
5.55.0-rev12 net47
Message:
OpcLabs.EasyOpc.UA.OperationModel.UAException : An OPC-UA operation failure with error code -1 (0xFFFFFFFF) occurred, originating from 'mscorlib'. The inner exception, of type 'System.Security.Cryptography.CryptographicException', contains details about the problem.
---- System.Security.Cryptography.CryptographicException : The specified network password is not correct.
+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".
+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.
+ The certificate generator path was "C:\[removed]\bin\Opc.Ua.CertificateGenerator.exe".
Stack Trace:
at NetSdkEasyUAClient.Install()
at EasyUAClient.Install()
at OpcClientIntegrationTests.OpcClient_EngineBroken() in OpcClientIntegrationTests.cs line: 30
at
Inner Stack Trace
at CryptographicException.ThrowCryptographicException(Int32 hr)
at X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at X509Utils.LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle pCertCtx)
at X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at X509Certificate2.ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at CertificateFactory.Load(X509Certificate2 certificate, Boolean ensurePrivateKeyAccessible)
at CertificateIdentifier.Find(Boolean needPrivateKey)
at ApplicationInstance.CheckApplicationInstanceCertificate(Boolean silent, UInt16 minimumKeySize)
at <>c__DisplayClass31_0.<ValidateOrCreateClientCertificate>b__2()
at UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Exception in SDK action ApplicationInstance.CheckApplicationInstanceCertificate