OPCFoundation / UA-LDS

Local Discovery Server

registering OPC-UA node server to LDS keeps rejecting without keeping cert in rejected folder #65

Closed verschuerenwouter closed 4 years ago

verschuerenwouter commented 4 years ago

I've been trying to connect an OPC-UA node server to this LDS without any luck. The LDS keeps rejecting the certificate without placing it in the rejected folder, so I can't move it to the trusted list (I'm running the LDS on an Ubuntu machine). Here is the server code responsible for contacting the LDS:

/*global require,setInterval,console */
const opcua = require("node-opcua");
const { SecurityPolicy, OPCUACertificateManager } = require("node-opcua");

// Let's create an instance of OPCUAServer
const server = new opcua.OPCUAServer({
    port: 4354, // the port of the listening socket of the server
    resourcePath: "/UA/testserver1", // this path will be added to the endpoint resource name
    buildInfo: {
        productName: "testserver",
        buildNumber: "0001",
        buildDate: new Date(2020, 7, 9)
    },
    //certificate and key
    certificateFile: "testcert2.pem",
    privateKeyFile: "testkey2.pem",
    //certificate manager
    serverCertificateManager: new OPCUACertificateManager({
        automaticallyAcceptUnknownCertificate: true,
        rootFolder: "./pki/trusted",
    }),
    //security policies
    securityPolicies: [SecurityPolicy.Basic256, SecurityPolicy.None],
    securityModes: [opcua.MessageSecurityMode.SignAndEncrypt, opcua.MessageSecurityMode.None],
    // set up LDS connection
    registerServerMethod: 3, // registerServerMethod 3 = LDS
    discoveryServerEndpointUrl: "opc.tcp://localhost:4840",
});

This is the error that I keep getting:

RegisterServer to the LDS  has failed during secure connection  => please check that you server certificate is trusted by the LDS. err: The connection has been rejected by server,
Please check that client certificate is trusted by server.
Err = (connect EINVAL 0.0.14.186:4840 - Local (0.0.0.0:0))

erhardgrishaber commented 4 years ago

It could be that the LDS does not have enough access rights to copy files in certain locations. Try to run it as root or with sudo, just to check this possibility. If it still doesn't work, please attach the LDS log file (if available) and mention the LDS version you are using.

verschuerenwouter commented 4 years ago

I was already running the LDS with sudo, so it should have all the access it needs. I'm running the OPC UA Local Discovery Server 1.04.XXX.YYY Release. Here are the logs when trying to register the server to the LDS:

Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Socket_HandleEvent: OPCUA_SOCKET_ACCEPT_EVENT
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_ACCEPT_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_READ_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_DataReady: total 56 bytes (48 last) of 48 (w/o header) received.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ReadEventHandler: MessageType HELLO
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ProcessHelloMessage: Transport connection from ::ffff:127.0.0.1:36314 accepted on socket 0x5643af8275f0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ConnectionManager_AddConnection: Connection added!
Mon Jul 13 13:11:57 [9185]: [uastack] Requested: PV:0 SB:655360 RB:655360 MMS:0 MCC:0
Mon Jul 13 13:11:57 [9185]: [uastack] Set:            SB:65536 RB:65536 MMS:16777216 MCC:0
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Flush no. 1 with 0 max flushes and final flag 1!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Messagelength is 28! Last Call!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Buffer emptied!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_OnNotify: Transport Connection Opened
Mon Jul 13 13:11:57 [9185]: [uastack] SecureListener - ChannelManager_AddChannel: SecureChannel added! 0 in list
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_READ_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_DataReady: total 132 bytes (124 last) of 124 (w/o header) received.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ReadEventHandler: MessageType SecureChannel Message
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_OnNotify: Request
Mon Jul 13 13:11:57 [9185]: [uastack] SecureStream - CheckInputHeaderType - OpenSecureChannel Service
Mon Jul 13 13:11:57 [9185]: [uastack] ProcessOpenSecureChannelRequest: SID 0, SURI "http://opcfoundation.org/UA/SecurityPolicy#None"
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_ChannelManager_GetChannelByTransportConnection: Searched securechannel found!
Mon Jul 13 13:11:57 [9185]: [uastack] SecureListener - PolicyManager_IsValidSecurityPolicy: Searched security policy found!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: Appending buffer 0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: appended chunk with SN 1, RID 1
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpSecureChannel_GenerateSecurityToken: TOKEN ID is 1-1
Mon Jul 13 13:11:57 [9185]: [uastack] ProcessOpenSecureChannelRequest: Open: Revised Lifetime of Channel 1 from 600000 to 600000 ms!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_OnSecureChannelEvent: SecureChannel opened!
Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback called: Event=SecureChannelOpened, SecureChanneldId=0x00000001, uStatus=0x00000000
Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback: SecureChannel 0x00000001 opened with http://opcfoundation.org/UA/SecurityPolicy#None in mode 1 status 0x00000000!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Flush no. 1 with 0 max flushes and final flag 1!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Messagelength is 135! Last Call!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Buffer emptied!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_Flush: Flush number 0! (Last)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_EndSendResponse: Status 0x00000000
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_READ_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_DataReady: total 93 bytes (85 last) of 85 (w/o header) received.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ReadEventHandler: MessageType SecureChannel Message
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_OnNotify: Request
Mon Jul 13 13:11:57 [9185]: [uastack] SecureStream - CheckInputHeaderType - Common Service
Mon Jul 13 13:11:57 [9185]: [uastack] ProcessSessionCallRequest: SID 1, TID 1
Mon Jul 13 13:11:57 [9185]: [uastack] GetSecurityKeyset: Keysets for token id 1 requested.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_ProcessSessionCallRequest: All 1 chunks received; start processing!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: Appending buffer 0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: appended chunk with SN 2, RID 2
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_OnNotify: Underlying listener raised request event!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service with RequestTypeId 426 requested! (HINT: GetEndpointsRequest)
Mon Jul 13 13:11:57 [9185]: [uastack] GetCurrentSecuritySet: Current Keysets requested. Returned token id is 1
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Invoking service handler!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_EndSendResponse (0x00000000)!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_EndSendResponse: ID 2, Status 0x00000000
Mon Jul 13 13:11:57 [9185]: [uastack] GetCurrentSecuritySet: Current Keysets requested. Returned token id is 1
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Flush no. 1 with 0 max flushes and final flag 1!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Messagelength is 8092! Last Call!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Buffer emptied!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_Flush: Flush number 0! (Last)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_EndSendResponse: Status 0x00000000
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_DeleteContext!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service handler returned! (0x00000000)
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_READ_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_DataReady: total 93 bytes (85 last) of 85 (w/o header) received.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ReadEventHandler: MessageType SecureChannel Message
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_OnNotify: Request
Mon Jul 13 13:11:57 [9185]: [uastack] SecureStream - CheckInputHeaderType - Common Service
Mon Jul 13 13:11:57 [9185]: [uastack] ProcessSessionCallRequest: SID 1, TID 1
Mon Jul 13 13:11:57 [9185]: [uastack] GetSecurityKeyset: Keysets for token id 1 requested.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_ProcessSessionCallRequest: All 1 chunks received; start processing!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: Appending buffer 0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: appended chunk with SN 3, RID 3
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_OnNotify: Underlying listener raised request event!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service with RequestTypeId 426 requested! (HINT: GetEndpointsRequest)
Mon Jul 13 13:11:57 [9185]: [uastack] GetCurrentSecuritySet: Current Keysets requested. Returned token id is 1
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Invoking service handler!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_EndSendResponse (0x00000000)!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_EndSendResponse: ID 3, Status 0x00000000
Mon Jul 13 13:11:57 [9185]: [uastack] GetCurrentSecuritySet: Current Keysets requested. Returned token id is 1
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Flush no. 1 with 0 max flushes and final flag 1!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Messagelength is 8092! Last Call!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_Flush: Buffer emptied!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_Flush: Flush number 0! (Last)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_EndSendResponse: Status 0x00000000
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_DeleteContext!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service handler returned! (0x00000000)
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_READ_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpStream_DataReady: total 57 bytes (49 last) of 49 (w/o header) received.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_ReadEventHandler: MessageType SecureChannel Message
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_OnNotify: Request
Mon Jul 13 13:11:57 [9185]: [uastack] SecureStream - CheckInputHeaderType - CloseSecureChannel Service
Mon Jul 13 13:11:57 [9185]: [uastack] ProcessCloseSecureChannelRequest: SID 1, TID 1
Mon Jul 13 13:11:57 [9185]: [uastack] GetSecurityKeyset: Keysets for token id 1 requested.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: Appending buffer 0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureStream_AppendInput: appended chunk with SN 4, RID 4
Mon Jul 13 13:11:57 [9185]: [uastack] ReleaseSecurityKeyset: Keyset for token 1 released.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_OnSecureChannelEvent: SecureChannel closed!
Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback called: Event=SecureChannelClosed, SecureChanneldId=0x00000001, uStatus=0x00000000
Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback: SecureChannel 0x00000001 closed with status 0x00000000!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_SecureListener_ChannelManager_GetChannelByTransportConnection: Searched securechannel found!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_CloseConnection: Connection 0x7f8270010bf0 is being closed! 0x80AD0000
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_P_Socket_Close: Shutting down socket 0x5643af8275f0!
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_Connection_Clear: Done!
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Socket_HandleEvent: OPCUA_SOCKET_CLOSE_EVENT
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Socket(0x5643af8275f0), Port(4840), Data(0x5643af81e5a0), Event(OPCUA_SOCKET_CLOSE_EVENT)
Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_TcpListener_TimeoutEventHandler: socket 0x5643af8275f0
Mon Jul 13 13:11:57 [9185]: [uastack]  * OpcUa_TcpListener_EventCallback: Event Handler returned.
Mon Jul 13 13:11:59 [9185]: [uastack] OpcUa_SecureListener_ChannelManager_TimerCallback: Checking Channels for lifetime expiration!
Mon Jul 13 13:11:59 [9185]: [uastack] OpcUa_SecureListener_ChannelManager_TimerCallback: removing SecureChannel 1 after it was closed!

erhardgrishaber commented 4 years ago

From the log file I can see that the Server is calling the service "GetEndpoints" with SecurityPolicy#None on the LDS. This is perfectly OK. After this it should try to register on the LDS with SecurityPolicy#Basic128Rsa15 (or Basic256), but this does not happen. For some reason, the Server is not registering on the LDS. This is why the certificate is not copied into the rejected folder (the validation never happens). I tried with my own Server and the log should be like this:

ualds_endpoint_callback: SecureChannel 0x00000000 opened with http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15 in mode 4 status 0x801A0000!

where 0x801A0000 means BadCertificateUntrusted. The best approach would be to debug on the TestServer to see why it is not even trying to register. Possibly a configuration issue.
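
Added example (not part of the thread, and not UA-LDS or node-opcua code): the log check described in the comment above, as a script that reads LDS log text and reports whether a secured channel, and with it certificate validation, was ever attempted. Function names, field names and verdict strings are this example's own; the `RegisterServer` HINT prefix is an assumption based on the `GetEndpointsRequest` pattern in the log.

```javascript
// Added example: summarise an OPC UA LDS log to see whether a secured channel
// (and therefore certificate validation) was ever attempted.
// Line formats are those quoted in this thread; all names are hypothetical.

const OPENED =
    /ualds_endpoint_callback: SecureChannel (0x[0-9a-fA-F]+) opened with (\S+) in mode (\d+) status (0x[0-9a-fA-F]+)!/;
const SESSION_CALL = /ProcessSessionCallRequest: SID (\d+),/;
const SERVICE = /Service with RequestTypeId (\d+) requested! \(HINT: (\w+)\)/;

// Only the two status codes explained in the thread are given names.
const STATUS_NAMES = {
    "0x00000000": "Good",
    "0x801A0000": "BadCertificateUntrusted",
};

function normalizeStatus(hex) {
    return "0x" + hex.slice(2).toUpperCase().padStart(8, "0");
}

// Collect every SecureChannel open and every service request from the log.
function summarizeLdsLog(text) {
    const channels = [];
    const services = [];
    let currentSid = null; // channel id named by the most recent session call
    for (const line of text.split(/\r?\n/)) {
        let m;
        if ((m = OPENED.exec(line))) {
            const status = normalizeStatus(m[4]);
            channels.push({
                channelId: parseInt(m[1], 16),
                policy: m[2].split("#").pop(),
                mode: Number(m[3]),
                status,
                statusName: STATUS_NAMES[status] || "unnamed",
            });
        } else if ((m = SESSION_CALL.exec(line))) {
            currentSid = Number(m[1]);
        } else if ((m = SERVICE.exec(line))) {
            services.push({ channelId: currentSid, typeId: Number(m[1]), name: m[2] });
        }
    }
    return { channels, services };
}

// Turn the summary into a verdict based on the last secured channel open.
function diagnose(summary) {
    const secured = summary.channels.filter((c) => c.policy !== "None");
    // Assumption: a RegisterServer call would be logged with a HINT starting
    // with "RegisterServer", following the GetEndpointsRequest pattern.
    const registerRequested = summary.services.some((s) => /^RegisterServer/.test(s.name));
    let verdict;
    if (secured.length === 0) {
        // Discovery only: the certificate was never validated, so nothing
        // can appear in the rejected folder.
        verdict = "no-secure-attempt";
    } else {
        const last = secured[secured.length - 1];
        if (last.statusName === "BadCertificateUntrusted") verdict = "certificate-untrusted";
        else if (last.statusName === "Good") verdict = "secure-channel-opened";
        else verdict = "secure-channel-failed";
    }
    return {
        verdict,
        registerRequested,
        securedPolicies: secured.map((c) => c.policy),
        servicesSeen: [...new Set(summary.services.map((s) => s.name))],
    };
}

// Excerpt of the LDS log lines posted in this thread (discovery only).
const THREAD_LOG = [
    "Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback called: Event=SecureChannelOpened, SecureChanneldId=0x00000001, uStatus=0x00000000",
    "Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback: SecureChannel 0x00000001 opened with http://opcfoundation.org/UA/SecurityPolicy#None in mode 1 status 0x00000000!",
    "Mon Jul 13 13:11:57 [9185]: [uastack] ProcessSessionCallRequest: SID 1, TID 1",
    "Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service with RequestTypeId 426 requested! (HINT: GetEndpointsRequest)",
    "Mon Jul 13 13:11:57 [9185]: [uastack] ProcessSessionCallRequest: SID 1, TID 1",
    "Mon Jul 13 13:11:57 [9185]: [uastack] OpcUa_Endpoint_BeginProcessRequest: Service with RequestTypeId 426 requested! (HINT: GetEndpointsRequest)",
    "Mon Jul 13 13:11:57 [9185]: ualds_endpoint_callback: SecureChannel 0x00000001 closed with status 0x00000000!",
].join("\n");

// The line quoted in the comment above as what a registration attempt with
// an untrusted certificate looks like.
const EXPECTED_LINE =
    "ualds_endpoint_callback: SecureChannel 0x00000000 opened with http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15 in mode 4 status 0x801A0000!";

console.log(JSON.stringify(diagnose(summarizeLdsLog(THREAD_LOG))));
console.log(JSON.stringify(diagnose(summarizeLdsLog(EXPECTED_LINE))));
```

A `no-secure-attempt` verdict points at the registering server's own configuration rather than at the LDS trust list.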

erossignon commented 4 years ago

Once the Endpoint has been extracted using SecurityPolicy#None, the server will identify the endpoint with the highest security level (Encrypted/Basic256) and reopen a Client Secure channel for this.

You can create a trace with node-opcua this way:

 $ set NODEOPCUADEBUG=TRACE-REQUEST-RESPONSE
 $ node server.js
06:54:29:166    >>>>>>                      1 OpenSecureChannelRequest
------------------------------------- Client Sending a request   OpenSecureChannelRequest h= 1  channel id  0  securityToken= x
{ /*OpenSecureChannelRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.165Z
   requestHandle               /* UInt32              */: 1               0x1
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: null
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
 clientProtocolVersion         /* UInt32              */: 0               0x0
 requestType                   /* SecurityTokenRequ   */: SecurityTokenRequestType.Issue ( 0)
 securityMode                  /* MessageSecurityMo   */: MessageSecurityMode.None ( 1)
 clientNonce                   /* ByteString          */: null
 requestedLifetime             /* UInt32              */: 600000               0x927c0
};
06:54:29:174   <<<<<< _on_message_received  1 OpenSecureChannelResponse Good (0x00000)
{ /*OpenSecureChannelResponse*/
 responseHeader                /* ResponseHeader      */: {
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.171Z
   requestHandle               /* UInt32              */: 1               0x1
   serviceResult               /* StatusCode          */: Good (0x00000)
   serviceDiagnostics          /* DiagnosticInfo      */: { /*DiagnosticInfo*/
 namespaceUri                  /* Int32               */: null
 symbolicId                    /* Int32               */: -1
 locale                        /* Int32               */: -1
 localizedText                 /* Int32               */: -1
 additionalInfo                /* String              */: null
 innerStatusCode               /* StatusCode          */: Good (0x00000)
 innerDiagnosticInfo           /* DiagnosticInfo      */: null
};
   stringTable                 /* UAString         [] */: null []
   additionalHeader            /* ExtensionObject     */: null
 }
 serverProtocolVersion         /* UInt32              */: 0               0x0
 securityToken                 /* ChannelSecurityTo   */: {
   channelId                   /* UInt32              */: 2               0x2
   tokenId                     /* UInt32              */: 1               0x1
   createdAt                   /* DateTime            */: 2020-07-14T06:54:29.171Z
   revisedLifetime             /* UInt32              */: 600000               0x927c0
 }
 serverNonce                   /* ByteString          */: null
};
06:54:29:176    >>>>>>                      2 GetEndpointsRequest
------------------------------------- Client Sending a request   GetEndpointsRequest h= 2  channel id  2  securityToken= 1
{ /*GetEndpointsRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.175Z
   requestHandle               /* UInt32              */: 2               0x2
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: null
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
 endpointUrl                   /* UAString            */: opc.tcp://STERFIVEPC2:4840
 localeIds                     /* UAString         [] */: [ /* empty*/ ]
 profileUris                   /* UAString         [] */: [ /* empty*/ ]
};
06:54:29:179   <<<<<< _on_message_received  2 GetEndpointsResponse Good (0x00000)
{ /*GetEndpointsResponse*/
 responseHeader                /* ResponseHeader      */: {
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.178Z
   requestHandle               /* UInt32              */: 2               0x2
   serviceResult               /* StatusCode          */: Good (0x00000)
   serviceDiagnostics          /* DiagnosticInfo      */: { /*DiagnosticInfo*/
 namespaceUri                  /* Int32               */: null
 symbolicId                    /* Int32               */: -1
 locale                        /* Int32               */: -1
 localizedText                 /* Int32               */: -1
 additionalInfo                /* String              */: null
 innerStatusCode               /* StatusCode          */: Good (0x00000)
 innerDiagnosticInfo           /* DiagnosticInfo      */: null
};
   stringTable                 /* UAString         [] */: null []
   additionalHeader            /* ExtensionObject     */: null
 }
 endpoints                     /* EndpointDescripti[] */: [
   { /*0*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]

 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.None ( 1)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#None
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 1
   },
   { /*1*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]

 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.Sign ( 2)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 2
   },
   { /*2*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[....]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 2
   },
   { /*3*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]

 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.Sign ( 2)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic256
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 3
   },
   { /*4*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic256
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 3
   }
 ]
};
06:54:29:185    >>>>>>                      3 GetEndpointsRequest
------------------------------------- Client Sending a request   GetEndpointsRequest h= 3  channel id  2  securityToken= 1
{ /*GetEndpointsRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.185Z
   requestHandle               /* UInt32              */: 3               0x3
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: null
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
 endpointUrl                   /* UAString            */: opc.tcp://STERFIVEPC2:4840
 localeIds                     /* UAString         [] */: [ /* empty*/ ]
 profileUris                   /* UAString         [] */: [ /* empty*/ ]
};
06:54:29:187   <<<<<< _on_message_received  3 GetEndpointsResponse Good (0x00000)
{ /*GetEndpointsResponse*/
 responseHeader                /* ResponseHeader      */: {
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.186Z
   requestHandle               /* UInt32              */: 3               0x3
   serviceResult               /* StatusCode          */: Good (0x00000)
   serviceDiagnostics          /* DiagnosticInfo      */: { /*DiagnosticInfo*/
 namespaceUri                  /* Int32               */: null
 symbolicId                    /* Int32               */: -1
 locale                        /* Int32               */: -1
 localizedText                 /* Int32               */: -1
 additionalInfo                /* String              */: null
 innerStatusCode               /* StatusCode          */: Good (0x00000)
 innerDiagnosticInfo           /* DiagnosticInfo      */: null
};
   stringTable                 /* UAString         [] */: null []
   additionalHeader            /* ExtensionObject     */: null
 }
 endpoints                     /* EndpointDescripti[] */: [
   { /*0*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.None ( 1)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#None
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 1
   },
   { /*1*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.Sign ( 2)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 2
   },
   { /*2*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 2
   },
   { /*3*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.Sign ( 2)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic256
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 3
   },
   { /*4*/
     endpointUrl               /* UAString            */: opc.tcp://STERFIVEPC2:4840
     server                    /* ApplicationDescri   */: {
       applicationUri          /* UAString            */: urn:STERFIVEPC2:UALocalDiscoveryServer
       productUri              /* UAString            */: http://opcfoundation.org/UA/LocalDiscoveryServer
       applicationName         /* LocalizedText       */: locale=en-US text=UA Local Discovery Server
       applicationType         /* ApplicationType     */: ApplicationType.DiscoveryServer ( 3)
       gatewayServerUri        /* UAString            */: null
       discoveryProfileUri     /* UAString            */: null
       discoveryUrls           /* UAString         [] */: [ /* length =1*/
         opc.tcp://STERFIVEPC2
       ]
     }
     serverCertificate         /* ByteString          */
[...]
 .... ( 1342)}
     securityMode              /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
     securityPolicyUri         /* UAString            */: http://opcfoundation.org/UA/SecurityPolicy#Basic256
     userIdentityTokens        /* UserTokenPolicy  [] */: [
       { /*0*/
         policyId              /* UAString            */: 0
         tokenType             /* UserTokenType       */: UserTokenType.Anonymous ( 0)
         issuedTokenType       /* UAString            */: null
         issuerEndpointUrl     /* UAString            */: null
         securityPolicyUri     /* UAString            */: null
       }
     ]
     transportProfileUri       /* UAString            */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
     securityLevel             /* Byte                */: 3
   }
 ]
};
06:54:29:194    >>>>>>                      4 CloseSecureChannelRequest
------------------------------------- Client Sending a request   CloseSecureChannelRequest h= 4  channel id  2  securityToken= 1
{ /*CloseSecureChannelRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.194Z
   requestHandle               /* UInt32              */: 4               0x4
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: 
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
};

Then the server creates a secure connection in order to call registerServer, but OpenSecureChannelRequest fails

06:54:29:318    >>>>>>                      1 OpenSecureChannelRequest
------------------------------------- Client Sending a request   OpenSecureChannelRequest h= 1  channel id  0  securityToken= x
{ /*OpenSecureChannelRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.318Z
   requestHandle               /* UInt32              */: 1               0x1
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: null
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
 clientProtocolVersion         /* UInt32              */: 0               0x0
 requestType                   /* SecurityTokenRequ   */: SecurityTokenRequestType.Issue ( 0)
 securityMode                  /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
 clientNonce                   /* ByteString          */
BUFFER{00000000: 49 2a 1e 3b 42 e0 40 88 cf 8c ac c8 e1 8e 4c 6e 35 29 7d 12 ca c2 8b 46 07 09 79 f7 c8 b3 a5 d0    I*.;B`@.O.,Ha.Ln5)}.JB.F..ywH3%P
}
 requestedLifetime             /* UInt32              */: 600000               0x927c0
};
06:54:29.334Z :message_builder_base          :109   Error   client1 ERROR RECEIVED   <<<< HERE !!!
 message was 2: { /*OpenSecureChannelRequest*/
 requestHeader                 /* RequestHeader       */: {
   authenticationToken         /* NodeId              */: ns=0;i=0
   timestamp                   /* DateTime            */: 2020-07-14T06:54:29.318Z
   requestHandle               /* UInt32              */: 1               0x1
   returnDiagnostics           /* UInt32              */: 0               0x0
   auditEntryId                /* UAString            */: null
   timeoutHint                 /* UInt32              */: 60000               0xea60
   additionalHeader            /* ExtensionObject     */: null
 }
 clientProtocolVersion         /* UInt32              */: 0               0x0
 requestType                   /* SecurityTokenRequ   */: SecurityTokenRequestType.Issue ( 0)
 securityMode                  /* MessageSecurityMo   */: MessageSecurityMode.SignAndEncrypt ( 3)
 clientNonce                   /* ByteString          */
BUFFER{00000000: 49 2a 1e 3b 42 e0 40 88 cf 8c ac c8 e1 8e 4c 6e 35 29 7d 12 ca c2 8b 46 07 09 79 f7 c8 b3 a5 d0    I*.;B`@.O.,Ha.Ln5)}.JB.F..ywH3%P
}
 requestedLifetime             /* UInt32              */: 600000               0x927c0
};
RegisterServer to the LDS  has failed during secure connection  => please check that you server certificate is trusted by the LDS. err: The connection has been rejected by server,
Please check that client certificate is trusted by server.
Err = (_socket has been disconnected by third party)
 Received server interruption from user 
 shutting down ...
06:54:59:091    >>>>>>                      1 OpenSecureChannelRequest

The LDS trace is:

Tue Jul 14 09:57:55 [16284]: [uastack]
verify error:
        num=18:self signed certificate
        depth=0
        /O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: [uastack]  issuer=/O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: [uastack]
verify error:
        num=18:self signed certificate
        depth=0
        /O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: [uastack]  issuer=/O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: Could not verify certificate in old default certificate store (0x801a0000).
Tue Jul 14 09:57:55 [16284]: [uastack]
verify error:
        num=18:self signed certificate
        depth=0
        /O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: [uastack]  issuer=/O=NodeOPCUA/CN=NodeOPCUA
Tue Jul 14 09:57:55 [16284]: Could not verify certificate in old edited certificate store (0x801a0000).
Tue Jul 14 09:57:55 [16284]: Verifying certificate in windows store returned 0x801a0000.
Tue Jul 14 09:57:55 [16284]: Certificate validation for thumbprint: f9c55d0d9b4ad3690672bfa9574c4414f1abb5c3 subject: /O=NodeOPCUA/CN=NodeOPCUA issuer: /O=NodeOPCUA/CN=NodeOPCUA validFrom Apr 18 18:01:35 2020 GMT validTo Apr 18 18:01:35 2021 GMT failed with status CertificateUntrusted
Tue Jul 14 09:57:55 [16284]: ualds_endpoint_callback called: Event=SecureChannelOpened, SecureChanneldId=0x00000000, uStatus=0x801A0000
Tue Jul 14 09:57:55 [16284]: ualds_endpoint_callback: SecureChannel 0x00000000 opened with http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15 in mode 4 status 0x801A0000!
Tue Jul 14 09:57:55 [16284]: F9C55D0D9B4AD3690672BFA9574C4414F1ABB5C3.der
Tue Jul 14 09:57:55 [16284]: 9DDA70C5510EB993A48645AA604C82BB2A44F8BF.der
Tue Jul 14 09:57:55 [16284]: [uastack] OpcUa_SecureListener_ProcessRequest: Closing channel due error 0x80130000!

verschuerenwouter commented 4 years ago

@erossignon do you have any idea why the secure connection fails, is it a configuration error or something else?

erossignon commented 4 years ago

@verschuerenwouter I need help from @erhardgrishaber to understand what this error code means:

Verifying certificate in windows store returned 0x801a0000

Registering a SERVER to the LDS requires a secure connection. For me, the server certificate must be trusted in the certificate store used by the LDS, but the documentation is not clear on how to add a certificate to the trusted list of the LDS.

Tue Jul 14 09:57:55 [16284]: Certificate validation for thumbprint: f9c55d0d9b4ad3690672bfa9574c4414f1abb5c3 subject: /O=NodeOPCUA/CN=NodeOPCUA issuer: /O=NodeOPCUA/CN=NodeOPCUA validFrom Apr 18 18:01:35 2020 GMT validTo Apr 18 18:01:35 2021 GMT failed with status CertificateUntrusted

verschuerenwouter commented 4 years ago

@erossignon 0x801a0000 means BadCertificateUntrusted. As he explained here, if you get that return, the server certificate should be found in the rejected folder of the LDS, if I understand it correctly.

erhardgrishaber commented 4 years ago

@erossignon: The LDS is checking in multiple places (folders) for the trusted certificates (for historical reasons). If it could not find the certificate in one place, it searches in the next place. If all the possibilities have failed, the LDS will return the status code BadCertificateUntrusted. The LDS log file that you provided is the one that I would expect in case of @verschuerenwouter. Normally, an Administrator would be the person who copies the certificates in the trusted folder, or possibly a script. The location for the certificates on Linux is: /opt/opcfoundation/ualds/pki. @erossignon: in your case, since the connection was rejected with bad status code, I would expect that the certificate is in the 'rejected/certs' folder; just copy it to the 'trusted/certs' and it should work.

erossignon commented 4 years ago

@erhardgrishaber what is the procedure on Windows?

erhardgrishaber commented 4 years ago

@erossignon : I'm not sure I understand the question. The steps described above are the same for Windows, just the folder paths are different (C:\ProgramData\OPC Foundation\UA\pki)

erossignon commented 4 years ago

@erhardgrishaber thank you that was exactly what I needed.

erossignon commented 4 years ago

@erhardgrishaber I think that copying the certificate from rejected to trusted is not sufficient; it needs to be removed from the rejected folder as well.

erossignon commented 4 years ago

The trick is, if you are running the opcualds, the /opt/opcfoundation/ualds/pki may not exist yet. You will need to create it and make it writeable:

$ sudo mkdir -p /opt/opcfoundation/ualds/pki
$ sudo chmod a+rw /opt/opcfoundation/ualds/pki

Then, once your server certificate appears in the rejected/cert folder, simply move it to the trusted/cert folder:

$ sudo mv rejected/certs/F364C3A2DE8103AED9226B244EDD50C6667B7C74.der trusted/certs
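
The rejected-to-trusted move described above, as an added example script (not from the thread or the UA-LDS project): it checks that the file's SHA-1 matches the thumbprint the operator expects before moving it. The function names and arguments are assumptions; the folder layout and `<THUMBPRINT>.der` naming are those shown in the thread.

```shell
#!/bin/sh
# Added example, not UA-LDS code. Layout (rejected/certs, trusted/certs) and
# <THUMBPRINT>.der file names are from the thread; function names are assumptions.

# Print the uppercase SHA-1 of a file's bytes (the thumbprint of a DER certificate).
der_thumbprint() {
    sha1sum "$1" | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# promote_cert PKI_ROOT THUMBPRINT
# Returns 0 on success, 2 bad thumbprint, 3 not in rejected store, 4 content mismatch.
promote_cert() {
    pki=$1
    # Accept "f9:c5:..." or "f9c5..." as copied from a log or certificate viewer.
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')

    # Only 40 hex digits may reach the path below (no "../" or wildcards).
    case $want in
        ''|*[!0-9A-F]*) echo "thumbprint must be hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || { echo "thumbprint must be 40 hex digits" >&2; return 2; }

    src="$pki/rejected/certs/$want.der"
    # Refuse symlinks so the move cannot be redirected to another file.
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "no such certificate in rejected/certs: $want" >&2
        return 3
    fi

    # The file name is only a label; trust is granted on the content hash.
    got=$(der_thumbprint "$src")
    if [ "$got" != "$want" ]; then
        echo "content hash $got does not match file name" >&2
        return 4
    fi

    mkdir -p "$pki/trusted/certs" || return 1
    # Move, not copy, so no stale copy stays behind in rejected/certs.
    mv "$src" "$pki/trusted/certs/$want.der"
}

# Usage: promote.sh /opt/opcfoundation/ualds/pki <thumbprint>
if [ "$#" -eq 2 ]; then
    promote_cert "$1" "$2"
fi
```

Running it as the account that owns the PKI folder avoids needing that folder to be writable by every local user, since anyone who can write to trusted/certs can add a trusted application.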
verschuerenwouter commented 4 years ago

While working together with @erossignon we found the problem: the host name of my PC was set to a number. This was probably misinterpreted to be an IP address, which caused the timeout errors.

The fix: change the host name of my PC to something that isn't a number/doesn't start with a number.