Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Exception while trying to connect to an OPC UA Server

More
14 Sep 2023 16:55 #12138 by micham
Hi,

Yes. Windows Forms.

We get an exception. You can see the details in the attached PDF.

Thank you.

Michael

This browser does not support PDFs. Please download the PDF to view it: Download PDF

Attachments:

Please Log in or Create an account to join the conversation.

More
14 Sep 2023 16:44 #12137 by support
Hello.

You say that connection cannot be established with the "insecure" setting - but is it giving the very same error? (that would be weird).

Regards

BTW, I understand your application is Windows Forms, right? Doesn't it pop-up any dialog when trying to connect to that server? (QuickOPC should do it, for otherwise unaccepted certificates).

Please Log in or Create an account to join the conversation.

More
14 Sep 2023 16:42 #12136 by support
Hello.

The missing folder is kind of weird, but given that other folders. Besides the one mentioned, I would also expect the "RejectedCertificates" folder be there (in total, 4 subfolders). But yes, if it is missing, create it please.

Regards

Please Log in or Create an account to join the conversation.

More
14 Sep 2023 14:52 #12134 by micham
One more thing.... We have tried the IMPROPER (insecure) way by adding section below, but still the connection could not be established.

If gAcceptAnyCertificate Then
EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = True
End If



Any idea why?

Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

More
14 Sep 2023 13:34 #12132 by micham
Hi,

You have mentioned that the certificate should be placed in these folder:
"C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs"
and
"C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".

My customer says that the following folder does not exist on his computer.
"C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs"

Should we manually create this folder and place the certificate in it?

See the attached screen capture.


Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 13:03 #12107 by micham
Thank you.

Michael

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 12:52 #12106 by support
Hello.
I was referring to certificate stores on the client side. I gave the default locations that QuickOPC uses.

Regards

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 12:41 #12103 by micham
Hi,

Thank you for your answer.
I think that you take it too personal... why should I make fun of you?!
I am aware that the connection is insecure, but it is a connection and the customer can see values in UA Expert...See page 10 of 13.

Regarding to your suggestion, ("The proper way of resolving this is, as I wrote: The CA certificate(s) need to be placed into the Trusted issuers store (in addition to Trusted peers). This should not be too difficult. They just need to know where their server got the certificate from (the CA). Then, whoever runs the CA should be able to give them CA cert (public part; in .DER format). And then just place it to "C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs" and "C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".)

Is it on the server side or client side?

Michael

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 11:50 #12102 by support
Hello.
I cannot resist the feeling that you are making fun of me. Have you even looked at the document?!

They are getting the SAME BadCertificateChainIncomplete error as you get with QuickOPC:



And then they forcefully accept the otherwise untrusted certificate:



So this is PRECISELY what I have predicted. They are NOT connecting securely, because they cannot be sure that the server they are connecting to is genuine, or fake/rogue.

The proper way of resolving this is, as I wrote: The CA certificate(s) need to be placed into the Trusted issuers store (in addition to Trusted peers).

This should not be too difficult. They just need to know where their server got the certificate from (the CA). Then, whoever runs the CA should be able to give them CA cert (public part; in .DER format). And then just place it to "C:\ProgramData\OPC Foundation\CertificateStores\UA Certificate Authorities\certs" and "C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs".

The IMPROPER (insecure) way of "resolving" it is e.g.
- in UA Expert, accepting the certificate forcefully, as they did,
- In QuickOPC applications: Set EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate to True (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User's...licy~AcceptAnyCertificate.html ).

Regards
Attachments:

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 09:40 #12101 by micham
Here it is.

Thanks.

Michael

This browser does not support PDFs. Please download the PDF to view it: Download PDF

Attachments:

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.089 seconds