Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Error "The CertificateGenerator utility is not installed."

More
10 Oct 2014 11:48 #2420 by support
M.,

From the Concepts document:

4. OPC UA SDK 1.01 Discovery Services, or OPC UA Local Discovery Server 1.01. These packages are available from OPC Foundation (also for non-members): www.opcfoundation.org/Downloads.aspx?CM=1&CN=KEY&CI=285.
Needed when: If your installation program or the application creates its own client instance certificate using QuickOPC-UA (UA SDK) method, i.e. with the help of CertificateGenerator.exe program that is part of the above packages.

Since the OPC Foundation has a new site now, the proper link is opcfoundation.org/developer-tools/developer-kits-unified-arc...re/local-discovery-server-lds/ .

Please Log in or Create an account to join the conversation.

More
10 Oct 2014 11:46 #2419 by support
From: M.
Sent: Friday, October 10, 2014 12:45 PM
To: Zbynek Zahradnik; 'C.'
Subject: RE: QuickOPC Implementation

Reply below:
1) Yes, using VB.NET. It does compile with no problem (with Option Explicit On). As additional info: originally had the 3 security options for endpoint, but just changed it to “none” to ensure there was no confusion. It is currently set to none. Based on my little knowledge and reading that I have done, yes, it should not be even looking for a certificate with security set to none.

2) Can you please answer this:

1. Are you using version 5.23, or 5.31?
5.30.1302.1
2. Do you have a 32-bit, or 64-bit operating system?
Development 64bit, target 32 bit (but will also have target of 64 bit)
3. What was the setup procedure – have you run our setup program on the client computer, with default settings, or was it any different?
No I have not run the QuickOPC setup program on the target and was not planning to. Right now, just publishing app for target but will use Visual Studio 2013 Setup and Deployment
4. Is C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\ Opc.Ua.CertificateGenerator.exe present?
No it is not
5. Is C:\Program Files\Common Files\OPC Foundation\UA\v1.0\Bin\ Opc.Ua.CertificateGenerator.exe present?
No it is not, will try to add
6. Please try to run your application under admin account AND with elevated privileges (“Run as Administrator”) – doesn’t it resolve the problem? (note that the certificate creation is only needed once – even if these permissions are needed for it, they won’t be needed for subsequent runs)
User account is administrator.

Will try to install Certificate generator once I read how. Where do I get this info?

Please Log in or Create an account to join the conversation.

More
10 Oct 2014 08:55 - 10 Oct 2014 08:56 #2418 by support
Mark,

There are two things here:

A. If you set up the server that it only has one endpoint with a specific security policy, then QuickOPC should select that one, without a need to set further parameters. The EndpointSelectionPolicy on our side determines which server endpoint is selected when there are more to choose from – it gives the “priorities” to recognize the “best” or “preferred” combination. If there are more endpoint to choose from, and you wanted to prevent those with message security, the proper statement would be:
EasyUAClient.AdaptableParameters.Session.EndpointSelectionPolicy.AllowedMessageSecurityModes = UAMessageSecurityModes.SecurityNone;

I am surprised that your line even compiles – it does not compile in C#, because it is trying to assign an enumeration value to a string – but are you using VB? If so then it may compile, VB does many “silent” (and dangerous) conversions.

B. The problem with the certificate generator. First, this is unrelated to the endpoint selection described above. What happens here is that every UA client application must have an instance certificate, and present it to the server – even if the endpoint is configured with no message security. There are two possible approaches:
a) You can let QuickOPC generate the certificate (when it is first needed), and then let it reuse the certificate upon subsequent connections. This is the default behavior.
b) You can create the certificate yourself or obtain it elsewhere, and then configure QuickOPC as to where and how to find it.

You are now in the default situation, and QuickOPC is trying to create the certificate. It needs a utility from OPC Foundation for this, the “certificate generator”, and it cannot find it. Normally this utility is installed as part of an OPC Foundation package that we call during our setup. We have seen this issue with some customers in the past. In some cases, the reason was that the utility was truly missing (e.g. they have moved just the application to a different computer, and have not installed the prerequisites as described in the Concepts document, section “Application Deployment”). In other cases, we were not able to determine the cause: The utility appeared to be present, but QuickOPC was not able to find it.

Can you please answer this:
1. Are you using version 5.23, or 5.31?
2. Do you have a 32-bit, or 64-bit operating system?
3. What was the setup procedure – have you run our setup program on the client computer, with default settings, or was it any different?
4. Is C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\ Opc.Ua.CertificateGenerator.exe present?
5. Is C:\Program Files\Common Files\OPC Foundation\UA\v1.0\Bin\ Opc.Ua.CertificateGenerator.exe present?
6. Please try to run your application under admin account AND with elevated privileges (“Run as Administrator”) – doesn’t it resolve the problem? (note that the certificate creation is only needed once – even if these permissions are needed for it, they won’t be needed for subsequent runs)

Thank you

Zbynek Zahradnik
Last edit: 10 Oct 2014 08:56 by support.

Please Log in or Create an account to join the conversation.

More
10 Oct 2014 08:54 #2417 by support
From: M.
Sent: Friday, October 10, 2014 6:12 AM
To: ...
Subject: QuickOPC Implementation

Zbynek, C.,

Just as a quick update, I have decided to switch to UA as I was having too many problems with implementing DCOM without opening up too many permissions. I think I have UA almost working now but I am still having a certificate problem. Kepware is setup with Security polices = None, however, when I run the app I get the following error on the remote client : “The Certificate Generator Utility is not installed”. Going through the manual I came across UAEndPointSelectionPolicy which is supposed to have a MessageSecurityPreference. It seems like a lot has been changed and according to the class library documentation I should now be using SharedParameters.

Anyway, long story short, I cannot get it to work.

This is the line of code that I am using:
EasyUAClient.SharedParameters.Engine.ApplicationCertificateSubject = UAMessageSecurityModes.SecurityNone

Perhaps the problem is a setting in Kepware? Not sure where to go from here? For now, I would like to get this to work without any certificates, alhtough I may need to add certificates at a later date. Any help would be appreciated.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.054 seconds