How do I set the Security Policy when connecting to an OPC UA server?
Issue solved.
Regards,
Michael
Please Log in or Create an account to join the conversation.
UaDataDialog1.EndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString = "opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
UaDataDialog1.EndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
The confusion might have come from the fact that the forums display URLs, even when entered with "http:", as clickable links without the "http:", unless explicitly quoted as code.
Regards
Please Log in or Create an account to join the conversation.
The OPC Server supports "Basic256Sha256", "Sign & Encrypt".
Exceptions
Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: Cannot preselect the best (or any) endpoint for OPC-UA client session. No suitable endpoint has been found. The server returned 2 endpoint(s).
There are several configurable settings that influence which endpoints are eligible for selection, such as the endpoint selection policy, and also parameters that influence how thorough checks of the information returned by the server are made. You may need to change the endpoint selection policy, or the additional parameters, in order to be able to connect. If you are unsure about what is causing all endpoints to be rejected, analyze the log entries generated by the component.
Candidate selection report follows.
[0:NotEligible(SecurityPolicyUri("opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", NotAllowed(NoMatch(Uri)))), 1:NotEligible(SecurityPolicyUri("opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", NotAllowed(NoMatch(Uri))))].
+ Connection attempt #1; last connected at 1/1/0001 12:00:00 AM (local); unconnected for 00:00:00.0780000.
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
Activity Trace:
Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: OpcLabs.UAEngine=4403
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 4403
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException:
Message:
Cannot preselect the best (or any) endpoint for OPC-UA client session. No suitable endpoint has been found. The server returned 2 endpoint(s).
There are several configurable settings that influence which endpoints are eligible for selection, such as the endpoint selection policy, and also parameters that influence how thorough checks of the information returned by the server are made. You may need to change the endpoint selection policy, or the additional parameters, in order to be able to connect. If you are unsure about what is causing all endpoints to be rejected, analyze the log entries generated by the component.
Candidate selection report follows.
[0:NotEligible(SecurityPolicyUri("opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", NotAllowed(NoMatch(Uri)))), 1:NotEligible(SecurityPolicyUri("opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", NotAllowed(NoMatch(Uri))))].
+ Connection attempt #1; last connected at 1/1/0001 12:00:00 AM (local); unconnected for 00:00:00.0780000.
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:
Please advise.
Thank you.
Michael
Please Log in or Create an account to join the conversation.
Thank you for your answer.
I am getting the following error:
Severity Code Description Project File Line Source Suppression State
Error BC30002 Type 'UAEndpointSelectionPolicy' is not defined.
EBO_Browse D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(3,76)\Form1.vb 1 Build N/A
Please advise.
Thank you.
Michael
Please Log in or Create an account to join the conversation.
The exception happens because by default, the .EndpointSelectionPolicy in the UAEndpointDescriptor is null, which means that a "global" default endpoint selection policy (common for all servers) will be used (which is probably not what you want).
So, before accessing/manipulating properties of the .EndpointSelectionPolicy (e.g. on a line preceding it), create a new UAEndpointSelectionPolicy object and assign it. Something like
UaDataDialog1.EndpointDescriptor.EndpointSelectionPolicy = New UAEndpointSelectionPolicy()
Please Log in or Create an account to join the conversation.
See the attachment.
The exception line is:
UaDataDialog1.EndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString = "opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
Thank you.
Michael
Please Log in or Create an account to join the conversation.
The exception is on line 277 in your Form1.vb.
What is on that line, and what is around it?
Regards
Please Log in or Create an account to join the conversation.
Thank you for your answer. I have tried it in two ways (see below) but in both ways I get an exception:
1)
    Dim gdsEndpointDescriptor As UAEndpointDescriptor =
        New UAEndpointDescriptor(MyServerURL) _
        .WithUserNameIdentity(localUser, localPassword)
    gdsEndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString = "opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
    If UA_Security_Annonymous Then ' Jul-18-2021
        UaDataDialog1.EndpointDescriptor = MyServerURL
    Else
        UaDataDialog1.EndpointDescriptor = gdsEndpointDescriptor
    End If
2)
    Dim gdsEndpointDescriptor As UAEndpointDescriptor =
        New UAEndpointDescriptor(MyServerURL) _
        .WithUserNameIdentity(localUser, localPassword)
    UaDataDialog1.EndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString = "opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
    If UA_Security_Annonymous Then ' Jul-18-2021
        UaDataDialog1.EndpointDescriptor = MyServerURL
    Else
        UaDataDialog1.EndpointDescriptor = gdsEndpointDescriptor
    End If
See the exception below:
System.NullReferenceException
HResult=0x80004003
Message=Object reference not set to an instance of an object.
Source=EBOOPCClientCFG
StackTrace:
at EBO_Browse.Form1.GlobalTagBrowse_UA(String MyServerURL, String MyServerName, String MyGroup) in D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(3)\Form1.vb:line 277
at EBO_Browse.Form1.AddOPCItemsToolStripMenuItem_Click(Object sender, EventArgs e) in D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(3)\Form1.vb:line 1020
at System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
at System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
at System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
at System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
at System.Windows.Forms.ToolStripItem.FireEventInteractive(EventArgs e, ToolStripItemEventType met)
at System.Windows.Forms.ToolStripItem.FireEvent(EventArgs e, ToolStripItemEventType met)
at System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
at System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ToolStrip.WndProc(Message& m)
at System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
at EBO_Browse.My.MyApplication.Main(String[] Args) in :line 81
Am I doing something wrong?
Thank you.
Michael
Please Log in or Create an account to join the conversation.
Ad 1. From the code, in the UAEndpointDescriptor object used in an EasyXXClient operation, you can set the security policy using one of the following properties: UAEndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyDisplayName, UAEndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString, or UAEndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyDisplayName.SecurityPolicyUri. They all set the security policy, but they differ in the kind of information you pass in. I recommend the UAEndpointDescriptor.EndpointSelectionPolicy.SecurityPolicyUriString. You can pass to it one of the predefined security policy URI strings from the UASecurityPolicyUriStrings, for example, UASecurityPolicyUriStrings.Basic256Sha256 (which equals "opcfoundation.org/UA/SecurityPolicy#Basic256Sha256").
The message security mode, which you also have in the picture, is not directly part of setting the security policy. But it can be set in a similar manner. The property for it is UAEndpointDescriptor.EndpointSelectionPolicy.AllowedMessageSecurityModes.
If you are showing our UI to the interactive user, some of the dialogs for OPC UA allow the user to set anything that's in the endpoint selection policy - and they return the UAEndpointDescriptor already configured with what the user had selected.
Ad 2. The server certificate, including its private key, is primarily stored on the server. For it to be accepted by the client, its copy - without a private key - is transferred via OPC UA to the client, and the client verifies that it is an acceptable one. The "trusted", rejected, etc. certificates are stored in various certificate stores. This is a lengthy topic and we have appropriate documentation for it which cannot be repeated here. See e.g. opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html .
Ad 3. Most commonly, you do it by locating the rejected certificate in the "Rejected certificated store", and copying or moving it to the "Trusted peers certificate store".
Ad 4. Normally QuickOPC creates the client certificate for you automatically behind the scenes, so you do not have to do anything.
With QuickOPC, you can programmatically do various operations with the certificate stores, see e.g. opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...r%20Application%20Service.html and opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ml#OPC%20UA%20Application.html .
It is, however, more likely that you just want to give your interactive users some way to manage the certificate-related tasks themselves in a friendly way. Since QuickOPC 2023.1, you can give them "Administer OPC UA Application Dialog" (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ml#OPC%20UA%20Application.html ), and through it, the users can do practically anything that is needed, certificate-wise. Here is how it looks, and how to operate it: kb.opclabs.com/Dialog:_Administer_OPC_UA_Application .
Approving "rejected" certificates, creating new own client certificates etc. - all of this can be done from this dialog.
Best regards
Please Log in or Create an account to join the conversation.
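The two fixes from the replies above, combined in one place as an added example (not code from the thread or from OPC Labs): the endpoint selection policy object is created before its properties are set, and the policy URI is checked to be an absolute http URI so that a scheme-less string fails early instead of ending in NoMatch(Uri). `SecurityPolicySetup`, `RequireAbsolutePolicyUri` and `BuildSecuredDescriptor` are hypothetical names, and the two OpcLabs `Imports` lines are assumed namespaces.

```vbnet
Imports System
Imports OpcLabs.EasyOpc.UA         ' assumed namespace of UAEndpointDescriptor
Imports OpcLabs.EasyOpc.UA.Engine  ' assumed namespace of UAEndpointSelectionPolicy

Module SecurityPolicySetup
    ' Full policy URI as given in the thread; "http://" is part of the value.
    ' The thread also names UASecurityPolicyUriStrings.Basic256Sha256 as a
    ' predefined constant, which avoids typing the string at all.
    Private Const Basic256Sha256Uri As String =
        "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"

    ' Hypothetical helper: fail early, with a clear message, when a policy URI
    ' has lost its scheme (for example after being copied from a rendered page).
    Function RequireAbsolutePolicyUri(policyUri As String) As String
        Dim parsed As Uri = Nothing
        If Not Uri.TryCreate(policyUri, UriKind.Absolute, parsed) Then
            Throw New ArgumentException(
                "Security policy URI must be absolute (http://...): " & policyUri)
        End If
        If parsed.Scheme <> Uri.UriSchemeHttp OrElse parsed.Fragment.Length < 2 Then
            Throw New ArgumentException(
                "Security policy URI must use http and name a policy after '#': " & policyUri)
        End If
        Return policyUri
    End Function

    ' Hypothetical helper: builds the descriptor the way the replies describe.
    Function BuildSecuredDescriptor(serverUrl As String, user As String,
                                    password As String) As UAEndpointDescriptor
        Dim descriptor As UAEndpointDescriptor =
            New UAEndpointDescriptor(serverUrl).WithUserNameIdentity(user, password)
        ' EndpointSelectionPolicy is Nothing by default (the global policy applies),
        ' so assign an instance before touching its properties; skipping this step
        ' is what raised the NullReferenceException in the thread.
        descriptor.EndpointSelectionPolicy = New UAEndpointSelectionPolicy()
        descriptor.EndpointSelectionPolicy.SecurityPolicyUriString =
            RequireAbsolutePolicyUri(Basic256Sha256Uri)
        Return descriptor
    End Function
End Module

' Usage, with the variable names from the thread:
'   UaDataDialog1.EndpointDescriptor =
'       SecurityPolicySetup.BuildSecuredDescriptor(MyServerURL, localUser, localPassword)
```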