Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Create certificate for OPC UA Client

More
29 May 2021 14:29 #9705 by support
Great - thank you for update.

Best regards

Please Log in or Create an account to join the conversation.

More
29 May 2021 13:32 - 29 May 2021 14:28 #9704 by aksenthil
Hi team,

Finally, I can communicate with the Kepware OPC UA server.

Quick OPC shares the instance certificate before start communicating.

Once I trust the quick OPC UA Client certificate in the kepware OPC UA server, the quick OPC UA client starts communicating with the kepware server without any issues.

I did two corrections in the existing example.

first correction :

added below UA extension :
using OpcLabs.EasyOpc.UA.Extensions;
then next correction
UAEndpointDescriptor endpointDescriptor =
               ((UAEndpointDescriptor)"opc.tcp://devicename:portnumber")
               .WithUserNameIdentity("opcUAAdministrator", "OPCUAServerPassword");
After including the above two lines, the issue is resolved.

Thanks for your support

Right now, I started testing with Linux using dot net core. let you know the feedback
Last edit: 29 May 2021 14:28 by support.

Please Log in or Create an account to join the conversation.

More
11 May 2021 14:07 #9667 by support
Hello.

I think that there are two issues:

1. The server provides an endpoint (the one highlighted on your picture) which has two configurations: one for insecure communications ("None"), the other for secured communications. This is OK. The client can pick the endpoint configuration it wants to use. In the Matrikon client, the secure configuration was chosen, and the certificates were mutually checked.

QuickOPC, by default, selects the insecure endpoint. Certificate exchange is not required with insecure endpoints, and that's why you do not see the QuickOPC app (client) certificate in the Kepware UA server.

QuickOPC allows you to change this behavior, or even pick the precise endpoint - see e.g.
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...in%20Endpoint%20Selection.html
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...oint%20Selection%20Policy.html

But, the demo application you are using does not have code for it. You need to extend the demo application, write your own application, or use e.g. the Connectivity Explorer app which has the necessary user interface for it.

Alternatively, if you uncheck the "None (Insecure)" option in the configuration of the endpoint in the Kepware UA server, all clients - including QuickOPC - will be foprced to used the secure endpoint, and the certificate exchange will then always occur, without any changes on the client side necessary.

2. BadUserAccessDenied: If the server requires you to provide the username and password, you need to do that in QuickOPC as well. In the Matrikon client, it is not correct to say that it was able to connect without it. What is was able to was to obtain the endpoints - which is different from other operations. But for the "full" connection, it has required the username and password as well.

As with the endpoint selection, the demo application does not support this. Extend it, write your own app, or use the Connectivitty Explorer.

Code example showing how to specify username and password (.WithUserNameIdentity extension method):

- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ck%20certificate%20status.html

Regards

Please Log in or Create an account to join the conversation.

More
11 May 2021 12:16 #9666 by aksenthil
Dear Team,

Thanks for your reply.

Please find below the screen as you requested.


Attachments:

Please Log in or Create an account to join the conversation.

More
11 May 2021 07:09 #9664 by support
Thank you. I start to understand the issue, but I need one more thing:

Please post here a picture of the "Server Endpoints" tab in "OPC UA Configuration Manager" screen of the Kepware UA Server.

Regards

Please Log in or Create an account to join the conversation.

More
11 May 2021 01:23 #9663 by aksenthil
Dear Team,

When I am Connecting from the Matrikon OPC UA Client to the server, the below activities are happening.

1. while establishing the connection to the server, there was no username password used.
2. while subscribing to the data, the Matrikon OPC UA Client needs the username/password of the Kepware UA Server.

image 1 :


after entering the username password, I am getting values from the kepware OPC Server



with regards,
senthil
Attachments:

Please Log in or Create an account to join the conversation.

More
10 May 2021 17:01 #9661 by support
The error code in OPC UA Demo Client, if I understand your post correctly, is BadUserAccessDenied.

This error code is normally related to user authentication, not application authentication.

Are you using some user name/password when connecting to the same sever from other client (Matrikon OPC UA client?)

Regards

Please Log in or Create an account to join the conversation.

More
10 May 2021 15:07 #9660 by aksenthil
Dear Team,

Is the OPC UA Demo Application connecting to the server correctly or not?

The OPC UA Demo application is connecting to the kepware server. But Matrikon OPC UA client properly connecting to the kepware server.




If it is, why are you bothering with certificates?

I am Not bothering about the certificate. The instant certificate is not transferring from the OPC UA client Demo to trust in the OPC UA Server.







If it is not, what is the error message or error behavior?

Please find below the error screenshot of the OPC UA Demo.



please suggest to me why OPC UA Demo is not transferring the instant certificate to the Kepware OPC UA Server.

with regards,
senthil
Attachments:

Please Log in or Create an account to join the conversation.

More
10 May 2021 13:58 #9659 by support
I really do not understand what you want.

Is the OPC UA Demo Application connecting to the server correctly or not?
If it is, why are you are bothering with certificates?
If it is not, what is the error message or error behavior?

Also, I do not understand the English in this sentence: "please .... extend you support to buy you license.". Sorry.

Regards

Please Log in or Create an account to join the conversation.

More
10 May 2021 13:30 #9658 by aksenthil
Dear Team,

I don't want the certificate.

I tried the Matrikon OPC UA Explorer. As expected, it transferred the certificate to the Kepware OPC Server instantly.

But when I trying the OPC UA Deme application, I am not getting any instant certificate in the OPC UA server.

please find attached the Matrikon OPC UA client certificate in the Kepware server.

I am already purchased one license when I was in TCS. by that time my id is " This email address is being protected from spambots. You need JavaScript enabled to view it.". now I am joined in a startup. based on your earlier support only, I preferred you in my new company as well.

so please kindly extend you support to buy you license.

with regards,
senthil
Attachments:

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.063 seconds