Open SummerSeaSun opened 6 years ago
you can set the application uri in client object and you can do whatever you want with your certificate. That should solve it....in worst case use wiresharck to see all packets back and forth
Hello! I think that I have a similar problem. I want to communicate with the UaServerC++ (from Unified Automation) OPC-UA server with Basic256Sha256 and SignAndEncrypt. Without any security it let me connect properly:
But, then, when I add set_security_string it gives me a The URI specified in the ApplicationDescription does not match the URI in the certificate.(BadCertificateUriInvalid) error. I proved properly with same certificates files in UaExpert client, without any errors.
It's the problem that I have to set the application uri in client object? If the response is yes, how can I do this?
Thank you very much,
@oroulet Sorry for not mentioning you in the previous message
Take a look here https://github.com/FreeOpcUa/python-opcua/issues/778#issuecomment-454133568 Specially the "Note" part
I did the same thing: I used the certificates from UA Expert Client. The solution is quite simple:
openssl x509 -in uaexpert.der -inform der -text -noout | grep URI
urn:
print(client.application_uri)
urn:freeopcua:client
.client.application_uri = "urn:<output-from-certificate-check>"
client.connect()
.By the way there is no need to use client.load_client_certificate()
and client.load_private_key()
if you use function client.set_security_string()
.
Hi @nobodyman1 ! Do you know any way to authenticate de user using certificates? Some certificates different to those used in the security settings. I want to use certificates to authenticate (instead of anonimously or username/password). Thanks!
Hi @mikelga!
I don´t know because I´m connecting to a Siemens PLC S7-1500 which (as far as I know) doesn´t support certificates for user authentication only username and password or anonymous.
But if I take a look at the documentation https://python-opcua.readthedocs.io/en/latest/client.html I think the functions you are using (load_client_certificate(path)
and load_private_key(path)
) are correct.
I'm trying to connect with security to a server, but getting this error. The same connection without security works fine.
Maybe I'm wrong but I believe the problem is that certificate got the name of the server not it's ip. But from the UA expert the same settings works fine. I'm over the network so I need to call the server by its IP address not by name.