Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Failure: OPC-UA service result - Unexpected signature algorithm

More
14 Feb 2019 07:18 #7089 by support
It looks like that the server certificate is signed using an unsupported algorithm (or, the algorithm is right but its URI is wrong).

QuickOPC supports SHA256, but the algorithm URI is different: www.w3.org/2001/04/xmldsig-more#rsa-sha256 .

The one used by QuickOPC is, to my knowledge, the right one, according to OPC specifications. See e.g. apps.opcfoundation.org/profilereporting/ , Security Category -> Facets -> Miscleaaneous -> SecurityPplicy -> SecurityPolicy ...

Best regards

Please Log in or Create an account to join the conversation.

More
14 Feb 2019 04:53 #7086 by sjscheider
When trying to connect to an OPC-UA server using a cert, I get the error below. Here the code I'm using which is basically the example. Any thought or suggestions on what is wrong? Is this a server issue or a client issue?

Code:
UAEndpointDescriptor endpointDescriptor = _endpoint;
 
            // Hook static events
            EasyUAClient.LogEntry += EasyUAClientOnLogEntry;
 
            try
            {
                // Set the application name, which determins the subject of the client certificate.
                // Note that this only works once in each host process.
                EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationName = "XXXXXXXXXXXXXXX";
 
                EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = true;
 
                // Do something - invoke an OPC read, to trigger some loggable entries.
                var client = new EasyUAClient();
                try
                {
                    client.ReadValue(endpointDescriptor, "nsu=urn:XXXXXXXXXXXXXXXXXXX;ns=3;i=4");
                }
                catch (UAException uaException)
                {
                    Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                }

Error:
Information(161): The OPC-UA engine has determined the client instance certificate parameters as listed below.
SubjectName: XXXXXXXXXXXXXXXXXXXXXX
StorePath: %CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault
ApplicationName: XXXXXXXXXXXXXXXXXXXXXX
ApplicationUri: urn:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

*** Failure: OPC-UA service result - Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256 = BadSecurityChecksFailed.
---- SERVICE RESULT ----
Status Code: {BadSecurityChecksFailed} = 0x80130000 (2148728832)
Description: Unexpected signature algorithm : www.w3.org/2001/04/xmldsig#rsa-sha256

+ The SDK action called was "static Session.Create".
+ Following (15) events were gathered during the action on activity ID [8], in the order of first occurrence:
Exception: {Opc.Ua.ServiceResultException} Self Signed Certificate is not trusted. IssuerName: OU=Engineering, O=XXXXXXXXXX, L=XXXXXXX, S=XX, C=US, CN=XXXX XXX Controller @127.0.0.1
SDK trace: CreateSession Called. RequestHandle=1, PendingRequestCount=1
[12] SDK trace: Token #0 created. CreatedAt = 04:13:28.662 . Lifetime = 3600000
[7] SDK trace: Token #1 activated. CreatedAt = 04:13:28.662 . Lifetime = 600000
SDK trace: CreateSession Completed. RequestHandle=1, PendingRequestCount=0
SDK trace: Revised session timeout value: 60000.
SDK trace: Max response message size value: 4194304. Max request message size: 0
SDK trace: CloseSession Called. RequestHandle=2, PendingRequestCount=1
SDK trace: CloseSession Completed. RequestHandle=2, PendingRequestCount=0
[6] SDK trace: TCPCLIENTCHANNEL SOCKET CLOSED: 00000A68, ChannelId=3448538912
Exception: {Opc.Ua.ServiceResultException} BadSecureChannelClosed
SDK trace: CloseSession Called. RequestHandle=3, PendingRequestCount=1
2*Exception: {System.ObjectDisposedException} Cannot access a disposed object.
SDK trace: CloseSession Completed. RequestHandle=3, PendingRequestCount=0, StatusCode=Bad
+ Events starting with activity ID in [] may not necessarily be related to the current action.
+ The client method called was 'ReadMultiple'.
Processing log entry events for 10 seconds...
Done.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.044 seconds