Closed JeremyTheocharis closed 3 months ago
What we already tried:
Hmm, it says Certificate Validation failed. Reason=BadCertificateUntrusted.
I vaguely remember that there were some weird issues with padding. I assume you've done all the obvious stuff, like marking the certificate as trusted in the server.
The other thing you could try is to create a root certificate and sign a client certificate with that. Then import the root cert into the server as a trusted authority to see if that changes anything.
I am not the expert on the crypto code. @dwhutchison do you maybe have an idea?
Thank you for your reply! I assume it has nothing to do with trusting the certificate, as other clients such as UAExpert and other tools can access the server without their certificate needing to be trusted.
We could try your approach with the root certificate, maybe even have it created with a different tool. With this we could check if there is a problem with the certificate generation, or if it's with the secure connection.
@dwhutchison If you have any other pointers for us, that would be great!
I think the reason was quite stupid: it happened when we were creating the certificate as always, but then selecting an authentication method that was unsupported. We still don't know if it is a client or server issue, however switching to "Basic256Sha256" works.
Also another side issue: the error returned from the server is only available when debugging, but is overwritten at some point in the code with EOF. If anyone in the future has that problem, just open a debugger and fetch the proper error message.
Hi,
We are the maintainers of benthos-umh (https://github.com/united-manufacturing-hub/benthos-umh), which uses gopcua.
We found that connecting via a secure connection will lead to some servers closing the connection. We were even able to reproduce it with the Microsoft OPC UA simulator (https://github.com/united-manufacturing-hub/benthos-umh/blob/master/tests/docker-compose.yaml).
What is happening is we get an EOF from the server. When using no security, we can successfully connect.
We have double checked the certificate generation, key sizes, etc., but could not find anything odd https://github.com/united-manufacturing-hub/benthos-umh/blob/bdd75d410d90e732641769cc81cae2bf63c4f898/plugin/opcua.go#L336-L458.
These are our client and server logs:
Is it because of our implementation of gopcua, or might it be an underlying issue in the library? We are glad about any help.
We even tried setting the certificate of the server to the proper IP address / DNS name (https://github.com/Azure-Samples/iot-edge-opc-plc/issues/318), but even this did not fix it. Because we are receiving this from various servers out there (namely OpenPCS7 from Siemens, B&R), we assume that this has something to do with either our implementation or the gopcua library.
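Added example (not code from benthos-umh or gopcua): a standard-library pre-flight check that names a likely rejection reason up front instead of leaving only the EOF described in this thread. `newClientCert`, `preflight` and the `offered` set (the SecurityPolicyUri values a server's endpoint list advertises) are hypothetical names, the certificate is a constructed sample, and the Basic256Sha256 limits (RSA 2048 to 4096 bits, SHA-256 signed certificate, application URI in subjectAltName) follow the OPC UA specification.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

const basic256Sha256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
// newClientCert builds a constructed, self-signed sample certificate (hypothetical helper).
func newClientCert(bits int) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{ // signature algorithm defaults to SHA256-RSA for RSA keys
		SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		URIs: []*url.URL{{Scheme: "urn", Opaque: "example:client"}}, // constructed application URI
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// preflight names the likely reason a server would drop the secure channel.
func preflight(cert *x509.Certificate, policy string, offered map[string]bool) error {
	pub, isRSA := cert.PublicKey.(*rsa.PublicKey)
	switch {
	case !offered[policy]:
		return fmt.Errorf("policy %q is not offered by the server", policy)
	case policy == basic256Sha256 && (!isRSA || pub.N.BitLen() < 2048 || pub.N.BitLen() > 4096):
		return fmt.Errorf("Basic256Sha256 needs an RSA key of 2048..4096 bits")
	case policy == basic256Sha256 && cert.SignatureAlgorithm != x509.SHA256WithRSA:
		return fmt.Errorf("certificate signed with %v, want SHA256-RSA", cert.SignatureAlgorithm)
	case len(cert.URIs) == 0:
		return fmt.Errorf("no application URI in subjectAltName")
	}
	return nil
}

func main() {
	cert, err := newClientCert(2048)
	fmt.Println(err, cert != nil && preflight(cert, basic256Sha256, map[string]bool{basic256Sha256: true}) == nil)
}
```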