Engineering-Research-and-Development / iotagent-opcua

IoT Agent for OPC UA protocol
https://iotagent-opcua.rtfd.io/
GNU Affero General Public License v3.0

Configure secure connection OPC UA #99

Closed alberto072710 closed 1 year ago

alberto072710 commented 1 year ago

Hi,

I am trying to configure a secure connection with SignAndEncrypt and Basic256Sha256.

In the trusted folder of the certificates I have copied the .der of the server. My question is how the client certificate is configured. I have seen that a server_certificate.pem file is automatically created, but it is in the root folder. I have tried to copy this file to the own/certs folder, and I have also tried to create a new certificate with the openssl.cnf configuration file and the private key from the own/private folder. I have also added these certificates to my server. I always get the following error in the logs:

2023-01-31 12:31:08  | comp=IoTAgent
2023-01-31 12:31:08 time=2023-01-31T11:31:08.733Z | lvl=INFO | corr=dc294429-a2ba-41b9-b631-51a70420548b | trans=dc294429-a2ba-41b9-b631-51a70420548b | op=IoTAgentNGSI.ContextServer-v2 | from=n/a | srv=n/a | subsrv=n/a | msg=Loading NGSI-v2 Context server routes | comp=IoTAgent
2023-01-31 12:31:08 time=2023-01-31T11:31:08.740Z | lvl=INFO | corr=dc294429-a2ba-41b9-b631-51a70420548b | trans=dc294429-a2ba-41b9-b631-51a70420548b | op=IoTAgentOPCUA.Agent | from=n/a | srv=n/a | subsrv=n/a | msg=IoT Agent services activated | comp=IoTAgent
2023-01-31 12:31:08 time=2023-01-31T11:31:08.740Z | lvl=INFO | corr=dc294429-a2ba-41b9-b631-51a70420548b | trans=dc294429-a2ba-41b9-b631-51a70420548b | op=IoTAgentNGSI.JEXL | from=n/a | srv=n/a | subsrv=n/a | msg=Trasformations can be added to JEXL parser | comp=IoTAgent
2023-01-31 12:31:08 (node:1) [DEP0097] DeprecationWarning: Using a domain property in MakeCallback is deprecated. Use the async_context variant of MakeCallback or the AsyncResource class instead. (Triggered by calling processImmediate on process.)
2023-01-31 12:31:25 11:31:25.919Z :client_secure_channel_layer   :206   requestData not found for requestId =  1 try with  2
2023-01-31 12:31:25 time=2023-01-31T11:31:25.921Z | lvl=FATAL | corr=dc294429-a2ba-41b9-b631-51a70420548b | trans=dc294429-a2ba-41b9-b631-51a70420548b | op=IoTAgentOPCUA.OPCUABinding | from=n/a | srv=n/a | subsrv=n/a | msg=Error: The connection may have been rejected by server,
2023-01-31 12:31:25 Err = (Invalid message header detected) | comp=IoTAgent
2023-01-31 12:31:38 time=2023-01-31T11:31:38.234Z | lvl=DEBUG | corr=df2fff7f-f61e-4448-b27d-0d0f7a089de2 | trans=df2fff7f-f61e-4448-b27d-0d0f7a089de2 | op=IoTAgentNGSI.GenericMiddlewares | from=n/a | srv=n/a | subsrv=n/a | msg=Request for path [/iot/about] from [localhost:4041] | comp=IoTAgent

I can access the server through the Prosys OPC UA Browser.

Thank you very much for the help

manfredipist commented 1 year ago

Hi @alberto072710, sorry for the delay. To fix your issue you should do the following:

  1. Once you connect to your secured OPC UA server, inside the certificates/reject folder in iotagent-opcua you should find the certificate of your OPC UA server, which has indeed been rejected by default.
  2. Move this certificate (.pem file) to certificates/trusted/certs.
  3. Trust the client connection in your OPC UA server.
  4. Restart the connection; everything should now be working fine.
manfredipist commented 1 year ago

Closing as stale, if you need further assistance don't hesitate to open a new issue!