Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

BadSecurityChecksFailed error

26 Oct 2021 14:25 #10286 by Mirhaj
Hi,

Sorry! EDIT on last post: the local OPC server also doesn't work all the time. Sometimes the client doesn't connect to that server either. The exceptions are:

Self Signed Certificate is not trusted. IssuerName: CN=MHWirth Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=eurw157325

and

Certificate is not trusted. SubjectName: CN=DE.RuntimeService, DC=EURW157325 IssuerName: CN=DE.RuntimeService, DC=EURW157325


Best,
Ahmad

26 Oct 2021 13:23 #10285 by Mirhaj
Hi again,

One more thing I probably need to say is that I have another OPC server running locally (with Security Policy: None, Security Mode: None and Anonymous authentication) and I connect to that with no problem, but when I try to connect to the customer's Siemens server, which is (Security Policy: Basic256Sha256, Security Mode: Sign & Encrypt and with Username/password authentication type), I get the issue that was explained in the previous posts.

Just thought this information might come in handy.

Best,
Ahmad

26 Oct 2021 13:10 #10284 by Mirhaj
Hi,

This is the client machine (i.e. my local PC that I am running the client on).

Best,
Ahmad

26 Oct 2021 12:14 #10283 by support
Hello,

please provide one more clarification: In the message "IssuerName: CN=DE.RuntimeService, DC=EURW157325",
does "EURW157325" refer to
- the client machine
- the server machine
- or is it something else?

I need this to determine whether the message comes from the client rejecting the server's certificate, or vice versa.

Thank you
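
The check asked for above can be done mechanically on the error text. The following is an added example, not part of the thread and not OPC Labs code: it parses the SubjectName/IssuerName fields of the two messages quoted on this page and reports whether the DC component names the client machine. `triage`, `parse_dn` and their parameters are hypothetical names.

```python
import re

# The two exception texts quoted in this thread, used as sample input.
MESSAGES = [
    "Self Signed Certificate is not trusted. IssuerName: CN=MHWirth Reference "
    "Server, C=US, S=Arizona, O=OPC Foundation, DC=eurw157325",
    "Certificate is not trusted. SubjectName: CN=DE.RuntimeService, "
    "DC=EURW157325 IssuerName: CN=DE.RuntimeService, DC=EURW157325",
]

_FIELD = re.compile(
    r"(SubjectName|IssuerName):\s*(.*?)(?=\s*(?:SubjectName|IssuerName):|$)")
_RDN = re.compile(r"([A-Za-z]+)=((?:\\.|[^,\\])*)")


def parse_dn(dn):
    """'CN=a, DC=b' -> [('CN', 'a'), ('DC', 'b')], keeping escaped commas."""
    return [(k.upper(), v.strip()) for k, v in _RDN.findall(dn)]


def _short(host):
    """Compare on the first DNS label only, case-insensitively."""
    return host.split(".")[0].casefold()


def triage(message, client_host, server_host=None):
    """Hypothetical helper: reports which machine name the certificate's DC
    component carries. It does not decide trust."""
    fields = {name: parse_dn(dn) for name, dn in _FIELD.findall(message)}
    issuer = fields.get("IssuerName", [])
    subject = fields.get("SubjectName")
    fold = lambda dn: [(k, v.casefold()) for k, v in dn]
    # Self-signed if the message says so, or if subject and issuer are equal.
    self_signed = ("self signed" in message.casefold()
                   or (subject is not None and fold(subject) == fold(issuer)))
    dcs = {_short(v) for k, v in issuer if k == "DC"}
    if _short(client_host) in dcs:
        where = "client"
    elif server_host and _short(server_host) in dcs:
        where = "server"
    else:
        where = "neither"
    cn = next((v for k, v in issuer if k == "CN"), None)
    return {"cn": cn, "self_signed": self_signed, "dc_matches": where}


if __name__ == "__main__":
    for m in MESSAGES:
        print(triage(m, client_host="EURW157325"))
```

When client and server run on the same PC, as with the local server mentioned in this thread, the DC matches either way and the CN has to tell the two certificates apart.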

26 Oct 2021 12:10 - 26 Oct 2021 15:30 #10281 by Mirhaj
Hi and thanks for your reply.

Yes, that's right. The server URL does not start with Https.
To answer your questions:
1- I am not very familiar with the server as it's a third party server that our customer provided. The customer said it's available via the Internet and we can access it with the username/password that he has created for us. If you get the user/pass you will be able to connect to the server as well, but I'll have to check that with them.

2- I deleted the OPCFoundation folder in ProgramData on my local PC (the development environment is my local PC) to make sure leftover certs from before are not there, then I ran the client and I didn't get the "Certificate chain not complete" anymore but I got the error "Self Signed Certificate is not trusted. IssuerName: CN=DE.RuntimeService, DC=EURW157325". I have not configured EasyUAClient to use specific certificates. The following is what I have configured in my C# code:
{
    // Accept any certificate presented to the client (shared by all EasyUAClient instances).
    EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = true;
    // Use this client's own (isolated) session parameters.
    _client.Isolated = true;
    _client.IsolatedParameters.SessionParameters.KeepAliveInterval = 2000;
    // Select only Sign & Encrypt endpoints with the Basic256Sha256 policy.
    _client.IsolatedParameters.SessionParameters.EndpointSelectionPolicy.AllowedMessageSecurityModes = UAMessageSecurityModes.SecuritySignAndEncrypt;
    _client.IsolatedParameters.SessionParameters.EndpointSelectionPolicy.SecurityPolicyDisplayName = "Basic256Sha256";
    _client.IsolatedParameters.SessionParameters.EndpointSelectionPolicy.MessageSecurityPreference = Sign.Positive;
    // Username/password user identity (password masked in the post).
    _client.IsolatedParameters.SessionParameters.UserIdentity.UserNameTokenInfo.UserName = "MHWirth";
    _client.IsolatedParameters.SessionParameters.UserIdentity.UserNameTokenInfo.Password = "*****";
}

3- This is the client server, I don't think the server has been set to trust my client. However, when I connect to the server with UaExpert, it gives the two pop-ups attached. First, untrusted certificates; when we say continue trusting for this session, it gives the second pop-up with "BadCertificateHostNameInvalid during CreateSession" in UaExpert. When I press "ignore", it connects to the server. So should I ask the customer to configure his server to trust the client?

Best,
Ahmad
Last edit: 26 Oct 2021 15:30 by support.

26 Oct 2021 08:12 #10280 by support
Hello.
Please state the QuickOPC version used.

Unless the endpoint URL of the server starts with "https://", HTTPS is not used, and there is no point in configuring anything around HTTPS.

Questions:

1. I do not understand what you mean by "[...] the server which is available on internet". Does it mean that we can also access it and try to reproduce the problem? If so, can you share the connection data (endpoint URI)? It can also be exchanged privately (by email).

2. Have you configured QuickOPC to use a specific certificate, or are you relying on its auto-generated, self-signed certificate?

3. Have you configured the Siemens server to trust the client?

Best regards

25 Oct 2021 11:22 #10278 by Mirhaj
Hi,

I am implementing an OPC UA client in C# (with .NET Framework 4.7.2) using the QuickOPC SDK (EasyUA client). When trying to connect to a Siemens OPC UA server, it throws this exception: OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security. --> {BadSecurityChecksFailed}. Certificate chain not complete.

I have set in the code for now AcceptAnyCertificate = true. I have also set HttpsCertificateAcceptancePolicy.AcceptAnyCertificate = true. Since I am connecting to the server which is available on internet I thought https certificates should be accepted. Worth mentioning that the server is a Sign&Encrypt, Basic256Sha256 Siemens server.

Meanwhile I can connect with UaExpert to the server and verify the server, but it throws the exception when trying to connect with my C# client.

Could you help me on what I should do now?

I also found out some other people had the same exception in Online Forums but their application was different than mine, so I couldn't find the solution.

Best,
Ahmad

Moderators: support, vaclav.zaloudek