How to reuse already trusted certificate in .NET OPC UA client|OPC UA Standard|Forum|OPC Foundation

Benjamin Hodzic_1
Member
Members
Forum Posts: 3
Member Since:
06/22/2023
1
08/27/2024 - 01:54

The .NET client, when restarted, fails to establish the connection. I think it fails to find the certificate which is already trusted in the store. (The certificate is already trusted by the server)
Here are the code screenshots:

View post on imgur.com

View post on imgur.com

Any help with this? Error establishing a connection: Error received from remote host: BadSecurityChecksFailed

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
2
08/28/2024 - 03:07

BadSecurityChecksFailed = check the server logs for the actual error (error suppressed to reduce info hackers can use).

Benjamin Hodzic
New Member
Members
Forum Posts: 1
Member Since:
01/30/2023
3
08/29/2024 - 01:07

It says the cert has to be trusted. I do that manually but the client doesn’t know when it got trusted. Is there an event handler or something similar?

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
4
08/30/2024 - 02:24

If it is coming from the Server then the Server needs to be told to trust the Client certificate.

The client then has to trust the Server certificate in a separate step.

Code to manage certificates on the client side is here:

https://github.com/OPCFoundati…..AClient.cs

Robbie Demaegdt
Member
Members
Forum Posts: 5
Member Since:
09/02/2024
5
09/02/2024 - 06:26

I tried changing the code like that example but it’s still not working.

So let me explain the use case.

I have a client which creates its own certificate, I think through the OPC NuGet code.

It tries to connect to the server with that cert and it gets auto-rejected; my client immediately gets a validation error back: BadCertificateUntrusted.

When I manually trust the cert on the server side, my client isn’t getting any feedback from the server about this. I suspected that the same event handler would then say something like Cert Trusted.

I did add the e.Accept = true in the event handler but that didn’t change anything.

The other problem is that when I try to connect again it (the client) creates a new certificate and does not reuse the previous (manually trusted) certification, which I think could also potentially solve the previous issue.

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
6
09/03/2024 - 11:20

If the client is creating a new certificate each time, there is something wrong with the configuration,

i.e. the client configuration does not allow it to find the previously created certificate.

You may need to debug
var certOK = application.CheckApplicationInstanceCertificate(false, 0).Result;

to figure out what is wrong in the configuration.

Robbie Demaegdt
Member
Members
Forum Posts: 5
Member Since:
09/02/2024
7
09/05/2024 - 06:03

The call returns True. Does this mean that the certificate is good?

Patrick de Kuijer
New Member
Members
Forum Posts: 1
Member Since:
09/06/2024
8
09/06/2024 - 04:33

I’m facing the same issue. Somehow, supplying a new CertificateIdentifier with an existing trusted certificate keeps giving errors.

var cert = new X509Certificate2(certificateLocation);
var cid = new CertificateIdentifier(cert);

It keeps creating new instances of the certificate instead of reusing an existing one.

Any progress on the previous replies?

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
9
09/06/2024 - 08:09

Certificates are re-created if there is a mismatch between configuration and the certificate.

Set application.DisableCertificateAutoCreation = true;

To stop this from happening.

However, if there is a mismatch you will not have a certificate.

There appear to be a lot of log messages in the code in:

https://github.com/OPCFoundati…..ce.cs#L437

So please turn on logging.

Robbie Demaegdt
Member
Members
Forum Posts: 5
Member Since:
09/02/2024
10
09/09/2024 - 04:52

I tried DisableCertificateAutoCreation = true and indeed it doesn’t do anything now.

But it threw an exception:

(Added an extra comment because I’m not sure if my pictures are working)

Exception: Opc.Ua.ServiceResultException: There is no cert… with subject… in the configuration.

Please generate a cert for you application,

then copy the new cert to this location:

C:\Skyline DataMiner\Documents\own


But in that directory I have 2 folders (certs and private) with some files but no files in the “own” folder.

Any idea why it would not find the correct certificate? I tried putting it in the own directory but got the same exception logging.

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
11
09/09/2024 - 07:37

There is no cert… with subject… in the configuration.

means the SubjectName in the configuration does not match the certificate in the directory.

What is the SubjectName in the configuration?

Robbie Demaegdt
Member
Members
Forum Posts: 5
Member Since:
09/02/2024
12
09/10/2024 - 23:58

The issue is resolved, it was because of the name of the certificate, when changing to a more normal text it was fixed.

I do get another issue now: BadUserAccessDenied, but I still have to investigate if this is a configuration issue on the server or not.

Randy Armstrong
Admin
Forum Posts: 1549
Member Since:
05/30/2017
13
09/11/2024 - 20:37

Check the value of UserIdentity that you are providing to the ActivateSession call.

This identity must be accepted by the Server.

Robbie Demaegdt
Member
Members
Forum Posts: 5
Member Since:
09/02/2024
14
09/20/2024 - 00:59

Thanks for all the help Randy, I managed to get my client to connect to the server.
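
The client setup this thread converges on, as an added example that is not code from any poster or from the OPC Foundation samples: the application certificate is pinned to a fixed store path and SubjectName, auto-creation is disabled, and start-up fails if the stored certificate cannot be found. Assumptions: the `PkiRoot` path, the `ExampleClient` names and the subject are constructed placeholders, and the API surface is that of the OPCFoundation.NetStandard.Opc.Ua package version that still offers `CheckApplicationInstanceCertificate(false, 0)` as used above.

```csharp
using System;
using System.Threading.Tasks;
using Opc.Ua;
using Opc.Ua.Configuration;

static class PinnedClientCertificate
{
    // Assumed values: store root and subject are placeholders for this example.
    const string PkiRoot = @"C:\ProgramData\ExampleClient\pki";
    const string Subject = "CN=ExampleClient, O=Example";
    static CertificateTrustList Store(string name) =>
        new CertificateTrustList { StoreType = "Directory", StorePath = PkiRoot + @"\" + name };

    public static async Task<ApplicationConfiguration> LoadAsync()
    {
        var config = new ApplicationConfiguration
        {
            ApplicationName = "ExampleClient",
            ApplicationUri = "urn:" + System.Net.Dns.GetHostName() + ":ExampleClient", // keep constant across restarts
            ApplicationType = ApplicationType.Client,
            SecurityConfiguration = new SecurityConfiguration
            {
                // Same StorePath and SubjectName on every start, so the certificate
                // the server administrator already trusted is found again.
                ApplicationCertificate = new CertificateIdentifier
                {
                    StoreType = "Directory", StorePath = PkiRoot + @"\own",
                    SubjectName = Subject
                },
                TrustedPeerCertificates = Store("trusted"),
                TrustedIssuerCertificates = Store("issuer"),
                RejectedCertificateStore = Store("rejected"),
                AutoAcceptUntrustedCertificates = false // server certs must be trusted explicitly
            },
            TransportQuotas = new TransportQuotas(),
            ClientConfiguration = new ClientConfiguration()
        };
        await config.Validate(ApplicationType.Client);
        var application = new ApplicationInstance
        {
            ApplicationName = config.ApplicationName,
            ApplicationType = ApplicationType.Client,
            ApplicationConfiguration = config,
            DisableCertificateAutoCreation = true // fail instead of minting a new, untrusted cert
        };
        if (!await application.CheckApplicationInstanceCertificate(false, 0))
            throw new InvalidOperationException("No usable certificate for " + Subject + " in " + PkiRoot + @"\own");
        return config;
    }
}
```

Trusting this certificate on the server stays a separate, server-side action; the client's CertificateValidation handler and `e.Accept` only decide whether the client accepts the server's certificate.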
