Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Could not create a certificate via a proxy: Input file was not processed properl

More
07 Sep 2023 14:54 #12077 by sistemi@resdata.it
The following user(s) said Thank You: support

Please Log in or Create an account to join the conversation.

More
06 Sep 2023 09:02 #12068 by support
Hello,

OPC UA certificates *can* be stored in platform-specific (Windows) certificate stores, but it is not the default behavior.
Normally they are in certificate stores that exist in the file system (in a directory/directories).

Try "C:\ProgramData\OPC Foundation\CertificateStores", and read
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ry%20Certificate%20Stores.html

Best regards

Please Log in or Create an account to join the conversation.

More
06 Sep 2023 07:41 #12066 by sistemi@resdata.it
Hi,
thank you for the hints, sorry for the delay to the reply.

Our problem is to find the certificate in the "old" computer.
I've used the add-in "certificate manager" in Windows mmc but I can't find it.
I've searched all the certificates stores availables but nothing seems to match to our application name. I've looked in the assemblyinfo and searched in certificates stores by the AssemblyTitle attribute but nothing found.

How can I find the certificate? Which certificate store the component use? What kind of information the component uses from the assemblyinfo?

Regards

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 18:15 #12055 by support
Hello.

While it is possible to configure aspects about the certificate selection, I would actually recommend an easier way, without modifying your program.
What the component uses uses to find the certificate is its "subject (name)", which by default it generates from information such as your project's assembly properties.

So, this is what I recommend to do:

1. On the "old" computer, where the same application runs, use some certificate viewer to find out the subject name.
2. Using Opc.UA.CertificateGenerator.exe, generate a new certificate with exactly the SAME subject name. Links: download kb.opclabs.com/Tool_Downloads#UA_Certificate_Generator , documentation github.com/OPCFoundation/Misc-Tools .
3. Verify that the subjects names are really equal.
4. Place the new certificate into the certificate store on the new computer. By default the certificates are *not* in the application subdirectory. They are in the global (shared) store. In fact you will need to have 3 locations:
4a. The .PFX in "C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\private"
4b. The .DER in "C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs"
4c. The same DER in "C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs"

Your program on the new computer then should be able to find the certificate and use it, without attempting to re-generate it.

Regards

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 14:23 #12053 by sistemi@resdata.it
This is the full exception message
An OPC-UA operation failure with error code -2147483648 (0x80000000) occurred, originating from ''. The inner OPC-UA service exception with service result 'Bad' contains details about the problem. Could not create a certificate via a proxy: Input file was not processed properly.

We've tested the application from command line with administrator privileges

I've tried to create my own certificate with "Opc.UA.CertificateGenerator.exe" that I've found in "UA Configuration tool 1.03" but I can't understand the correct way to do that.
The certificate has been created and is placed in an application subdirectory.
How can I configure it to use it with my application? UA Configuration tool should modify the application config but nothing appened

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 14:05 #12052 by support
Hello.
This is a very old version of the software and we do not support it. I will try to help you but only to some extent.

The problem has to do with auto-creation of the client ("your") certificate on the client machine.

It also should be noted that running under Windows Service is many times challenging, due to restricted permissions (which can be the issue). So, in fact the first thing I would recommend to do, would be to configure the service to run (temporarily, just for test) under normal user account, to see if the behavior changes. (if that is what you are already doing when you wrote "We're running the service with adminstrator privileges.", then ignore this suggestion).

Also, please provide more information about the error: The exception message full text, the call stack, and if there is an .InnerException, the same for it.

From the error text, it is quite possible that the problem has to do with the library trying to call an external EXE for the OPC UA certificate generator - again, a demanding thing to do from inside the Windows service. The recent versions of QuickOPC do not use the external EXE and are therefore more reliable in such situations.

If everything else fails, you can consider placing the certificate in the store yourself. When properly configured, QuickOPC will then find and use it, and will not attempt to create it - which is causing the issue probably.

Regards

Please Log in or Create an account to join the conversation.

More
31 Aug 2023 13:50 #12051 by sistemi@resdata.it
I'm very confusing, I can't understand.

We're moving a working Window Service that use OPC-UA to a new server (windows 2022)
We're using QuickOPC version 2016.2 (5.41.1274.1)

We receive the error in the post subject and I cannot understand the problem: is the certificate problem on the OPC server or on the client side?
We don't have access to server OPC.

We're running the service with adminstrator privileges.

We're tested connection with other two client: QuickOPC Demo Client and UA Expert.
Each client works correctly: it create correctly the client certificate and place it in the C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault\certs

What's the problem with our service?
Thanks

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.054 seconds