Client authentication with username/password
743 views
Skip to first unread message
Luca Olivetti
Jan 14, 2021, 5:52:51 AM1/14/21
to open62541
Hello,
I'm trying to authenticate against an rfid reader (siemens rf185c).
I compiled the library with encryption but I cannot find a way to authenticate with my application, so I tried with the example (from the 1.1 branch).
An anonymous connection works:
luca@seis:~/Datos/open62541/open62541-pack-1.1/examples$ LD_LIBRARY_PATH=/home/luca/Datos/open62541/open62541-pack-1.1/build/bin/ ./client_connect opc.tcp://rf185c[2021-01-14 11:45:22.444 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2021-01-14 11:45:22.444 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:45:22.601 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351768 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.601 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:45:22.642 (UTC+0100)] info/client Selected Endpoint opc.tcp://192.168.1.24:4840 with SecurityMode None and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.642 (UTC+0100)] info/client Selected UserTokenPolicy Anonymous with UserTokenType Anonymous and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.687 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2021-01-14 11:45:22.730 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Activated, ConnectStatus: Good
[2021-01-14 11:45:22.730 (UTC+0100)] info/userland Connected!
[2021-01-14 11:45:22.768 (UTC+0100)] info/userland The server date is: 14-01-2021 10:45:22.728
[2021-01-14 11:45:22.815 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:45:22.444 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:45:22.601 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351768 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.601 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:45:22.642 (UTC+0100)] info/client Selected Endpoint opc.tcp://192.168.1.24:4840 with SecurityMode None and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.642 (UTC+0100)] info/client Selected UserTokenPolicy Anonymous with UserTokenType Anonymous and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:45:22.687 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2021-01-14 11:45:22.730 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Activated, ConnectStatus: Good
[2021-01-14 11:45:22.730 (UTC+0100)] info/userland Connected!
[2021-01-14 11:45:22.768 (UTC+0100)] info/userland The server date is: 14-01-2021 10:45:22.728
[2021-01-14 11:45:22.815 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
I then try with authentication
luca@seis:~/Datos/open62541/open62541-pack-1.1/examples$ LD_LIBRARY_PATH=/home/luca/Datos/open62541/open62541-pack-1.1/build/bin/ ./client_connect -username Opcua123 -password Opcua123 opc.tcp://rf185c
[2021-01-14 11:46:22.693 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2021-01-14 11:46:22.693 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:46:22.852 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351769 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:46:22.853 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:46:22.895 (UTC+0100)] info/client Rejecting UserTokenPolicy 0 (anonymous) in endpoint 0: configuration doesn't match
[2021-01-14 11:46:22.895 (UTC+0100)] info/client Rejecting UserTokenPolicy 1 in endpoint 0: security policy 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' not available
[2021-01-14 11:46:22.895 (UTC+0100)] error/client No suitable UserTokenPolicy found for the possible endpoints
[2021-01-14 11:46:22.896 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
[2021-01-14 11:46:22.693 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2021-01-14 11:46:22.693 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:46:22.852 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351769 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:46:22.853 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:46:22.895 (UTC+0100)] info/client Rejecting UserTokenPolicy 0 (anonymous) in endpoint 0: configuration doesn't match
[2021-01-14 11:46:22.895 (UTC+0100)] info/client Rejecting UserTokenPolicy 1 in endpoint 0: security policy 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' not available
[2021-01-14 11:46:22.895 (UTC+0100)] error/client No suitable UserTokenPolicy found for the possible endpoints
[2021-01-14 11:46:22.896 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
So I try to specify the required policy:
luca@seis:~/Datos/open62541/open62541-pack-1.1/examples$ LD_LIBRARY_PATH=/home/luca/Datos/open62541/open62541-pack-1.1/build/bin/ ./client_connect -username Opcua123 -password Opcua123 -securityPolicy "http://opcfoundation.org/UA/SecurityPolicy#Basic256" opc.tcp://rf185c
[2021-01-14 11:49:28.693 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2021-01-14 11:49:28.693 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:49:28.850 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351771 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:49:28.850 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:49:28.892 (UTC+0100)] info/client Rejecting endpoint 0: security policy doesn't match
[2021-01-14 11:49:28.892 (UTC+0100)] error/client No suitable endpoint found
[2021-01-14 11:49:28.892 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
[2021-01-14 11:49:28.693 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2021-01-14 11:49:28.693 (UTC+0100)] info/network No port defined, using default port 4840
[2021-01-14 11:49:28.850 (UTC+0100)] info/channel Connection 3 | SecureChannel 1080351771 | Opened SecureChannel with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2021-01-14 11:49:28.850 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-01-14 11:49:28.892 (UTC+0100)] info/client Rejecting endpoint 0: security policy doesn't match
[2021-01-14 11:49:28.892 (UTC+0100)] error/client No suitable endpoint found
[2021-01-14 11:49:28.892 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
It seems it's not using the policy I asked for.
Note that I'm using the example client as a way to find out how to implement my client, supposing it works, but I cannot even make the example client work.
Bye
Luca
Julius Pfrommer
Jan 20, 2021, 9:49:05 AM1/20/21
to open62541
Probably you need to activate encryption in the client.
Even with unencrypted SecureChannels you often need to transmit the password with encryption.
Regards, Julius
Luca Olivetti
Jan 20, 2021, 9:55:32 AM1/20/21
to open...@googlegroups.com
El 20/1/21 a les 15:49, Julius Pfrommer ha escrit:
Nico Sachs replied to me directly (not on the list) suggesting that I
add a client certificate (a self-signed one would do) and it worked.
The sample app provided by siemens (in c#) also creates a self-signed
certificate. Since I was just using username/password I thought that a
client certificate wasn't needed.
Also, I'm using the library from pascal, so I wasn't sure that the
translated headers were fine (they weren't, luckily enough lazarus
allows me to step through C code as well as pascal, so I could spot the
error).
Bye
--
Luca
> Probably you need to activate encryption in the client.
> Even with unencrypted SecureChannels you often need to transmit the
> password with encryption.
Hello,
> Even with unencrypted SecureChannels you often need to transmit the
> password with encryption.
Nico Sachs replied to me directly (not on the list) suggesting that I
add a client certificate (a self-signed one would do) and it worked.
The sample app provided by siemens (in c#) also creates a self-signed
certificate. Since I was just using username/password I thought that a
client certificate wasn't needed.
Also, I'm using the library from pascal, so I wasn't sure that the
translated headers were fine (they weren't, luckily enough lazarus
allows me to step through C code as well as pascal, so I could spot the
error).
Bye
--
Luca
Mario Siegel
Mar 2, 2023, 4:19:41 AM3/2/23
to open62541
Hello guys,
I have the same problem. I try to connect to an IBHLink-UA via username/password without encryption, but without success.
Now I have downloaded a client certificate from the IBH. But how can I set this certificate now in my UA_ClientConfig?
Thanks a lot in advance.
Regards, Mario.
mattia.g...@gmail.com
Mar 16, 2023, 12:55:17 PM3/16/23
to open62541
Hello everyone,
I've been trying for a long time to connect to a Siemens 1512SP F-1 PN CPU via username and password but I can't achieve the goal.
I'm using open62541 v1.3.5 build with OpenSSL Encryption and UA_BUILD_SELFSIGNED_CERTIFICATE option activated.
When I try to connect with the client connect example, it gives me this result.
client_connect.exe -username nomeutente -password pswplc -securityPolicy "http://opcfoundation.org/UA/SecurityPolicy#Basic256" opc.tcp://192.168.11.240:4840
[2023-03-16 17:45:44.039 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-16 17:45:44.055 (UTC+0100)] info/channel Connection 336 | SecureChannel 2951111524 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-16 17:45:44.055 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-16 17:45:44.061 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-16 17:45:44.068 (UTC+0100)] info/client Rejecting endpoint 0: security policy not available
[2023-03-16 17:45:44.068 (UTC+0100)] error/client No suitable endpoint found
[2023-03-16 17:45:44.069 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
[2023-03-16 17:45:44.069 (UTC+0100)] info/userland Could not connect
[2023-03-16 17:45:44.039 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-16 17:45:44.055 (UTC+0100)] info/channel Connection 336 | SecureChannel 2951111524 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-16 17:45:44.055 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-16 17:45:44.061 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-16 17:45:44.068 (UTC+0100)] info/client Rejecting endpoint 0: security policy not available
[2023-03-16 17:45:44.068 (UTC+0100)] error/client No suitable endpoint found
[2023-03-16 17:45:44.069 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadInternalError
[2023-03-16 17:45:44.069 (UTC+0100)] info/userland Could not connect
Could anyone help me with this?
Julius Pfrommer
Mar 17, 2023, 5:50:31 AM3/17/23
to open62541
Hey there,
from the command line
client_connect.exe -username nomeutente -password pswplc -securityPolicy "http://opcfoundation.org/UA/SecurityPolicy#Basic256" opc.tcp://192.168.11.240:4840
I don't see that the certificate is loaded into the client.
You need [-cert certfile.der] [-key keyfile.der] as additional arguments.
If that also doesn't help, please post the Endpoints proposed by the server.
For that, enable UA_BUILD_TOOLS. This builds the "ua" executable.
That can be used with "ua opc.tcp://server:port getendpoints" to print the available endpoints for further investigation.
Regards, Julius
mattia.g...@gmail.com
Mar 17, 2023, 6:13:13 AM3/17/23
to open62541
Hi Julius,
Thanks for your reply.
I'm looking for certfile and keyfile but I'm not able to find or how to generate them. I need help.If you could help me find a solution I would really appreciate it.
Here the available endpoints by ua tools:
[2023-03-17 11:08:37.232 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-17 11:08:37.279 (UTC+0100)] info/channel Connection 336 | SecureChannel 2951111525 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-17 11:08:37.279 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-17 11:08:37.279 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-17 11:08:37.294 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
{
DataType: EndpointDescription,
Value: Array(1, EndpointDescription) {
0: {
EndpointUrl: "opc.tcp://192.168.11.240:4840",
Server: {
ApplicationUri: "urn:SIMATIC.S7-1500.OPC-UAServer:CPU1512SP_ufficio",
ProductUri: "https://www.siemens.com/s7-1500",
ApplicationName: {
Locale: NullString,
Text: "SIMATIC.S7-1500.OPC-UAServer:CPU1512SP_ufficio"
},
ApplicationType: 0,
GatewayServerUri: NullString,
DiscoveryProfileUri: NullString,
DiscoveryUrls: Array(1, String) {
0: "opc.tcp://192.168.11.240:4840"
}
},
ServerCertificate: "MIIDwDCCAqigAwIBAgIIWJn/zJZangAwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UEAwwbQ1BVMTUxMlNQLXVmZmljaW8vT1BDVUEtMS0yMB4XDTIyMDEyNTA5MTcyNFoXDTM3MDEyNTAwMDAwMFowJjEkMCIGA1UEAwwbQ1BVMTUxMlNQLXVmZmljaW8vT1BDVUEtMS0yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwnmp8Z4unhtAgDB2oCw7aualbRQV2vYq+CG6uqXfpesMgEwTcq8s0Qq8gmlpAMN4HpyscxBj3YMjIoqKjS6yR9Pr12anOZ6H5aJSdLNpkvzxY1/+yy5ZGAm4KI5cX0Fp2eQ871JHS1P6LyU9B5AFAAGa+HvrXvOBKiw4OcxJ7sb09XxulOG0ffOxelxOzciQMODGDDcsP8mQSGMODEAir23dxg0LVc8dtp0OQA+v/k4la7jurJ94FiQOEGegCJk9OrgW0wtwuSsckg9Sj1tsKYfeDbAkGmBTe2qjceqJBFwxhdsWulDCtTCLrS9/2CcBEqOh1VtVlAqAmyDkYQShQIDAQABo4HxMIHuMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIu3ejtvqtV5rtXmXU6dYePGPImPMFUGA1UdIwROMEyAFIu3ejtvqtV5rtXmXU6dYePGPImPoSqkKDAmMSQwIgYDVQQDDBtDUFUxNTEyU1AtdWZmaWNpby9PUENVQS0xLTKCCFiZ/8yWWp4AMA4GA1UdDwEB/wQEAwIC9DATBgNVHSUEDDAKBggrBgEFBQcDATBDBgNVHREEPDA6hjJ1cm46U0lNQVRJQy5TNy0xNTAwLk9QQy1VQVNlcnZlcjpDUFUxNTEyU1BfdWZmaWNpb4cEwKgL8DANBgkqhkiG9w0BAQsFAAOCAQEAAC3pyCj/QF3gMOO0kR7ty9hd0vCbyPGFI3EPYf2NV9GWCZ6yGgwQzIojEqy/FDb4S8wwZKCVT5wPF41OOqf1eJp7dcek7xsPZRliCL0sR86scB/XrRXRRISxwHJwldlgtN87PxTy3GzCWXaqexKadkUC5nUkuUY8F/Y+PBfQIo0TMfNaLbQUaU6BGgVso+V4fggYXJTB0Xok2JZP/PnoHVZBXRanEXkP6LTYpR32Nec2mxucVczToaw0cr3HhJl61wNldR5D+XRs1/+9qoSwCSJBNlSR93JnKv0ytNypPZnEG2SEfWC6nnEW0cITpCmOHeOaN031FJJAmTkwgK+mXQ==",
SecurityMode: 2,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256",
UserIdentityTokens: Array(3, UserTokenPolicy) {
0: {
PolicyId: "UserName_Basic128Rsa15_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
},
1: {
PolicyId: "UserName_Basic256_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
},
2: {
PolicyId: "UserName_Basic256Sha256_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
}
},
TransportProfileUri: "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary",
SecurityLevel: 60
}
}
}
[2023-03-17 11:08:37.279 (UTC+0100)] info/channel Connection 336 | SecureChannel 2951111525 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-17 11:08:37.279 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-17 11:08:37.279 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-17 11:08:37.294 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
{
DataType: EndpointDescription,
Value: Array(1, EndpointDescription) {
0: {
EndpointUrl: "opc.tcp://192.168.11.240:4840",
Server: {
ApplicationUri: "urn:SIMATIC.S7-1500.OPC-UAServer:CPU1512SP_ufficio",
ProductUri: "https://www.siemens.com/s7-1500",
ApplicationName: {
Locale: NullString,
Text: "SIMATIC.S7-1500.OPC-UAServer:CPU1512SP_ufficio"
},
ApplicationType: 0,
GatewayServerUri: NullString,
DiscoveryProfileUri: NullString,
DiscoveryUrls: Array(1, String) {
0: "opc.tcp://192.168.11.240:4840"
}
},
ServerCertificate: "MIIDwDCCAqigAwIBAgIIWJn/zJZangAwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UEAwwbQ1BVMTUxMlNQLXVmZmljaW8vT1BDVUEtMS0yMB4XDTIyMDEyNTA5MTcyNFoXDTM3MDEyNTAwMDAwMFowJjEkMCIGA1UEAwwbQ1BVMTUxMlNQLXVmZmljaW8vT1BDVUEtMS0yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwnmp8Z4unhtAgDB2oCw7aualbRQV2vYq+CG6uqXfpesMgEwTcq8s0Qq8gmlpAMN4HpyscxBj3YMjIoqKjS6yR9Pr12anOZ6H5aJSdLNpkvzxY1/+yy5ZGAm4KI5cX0Fp2eQ871JHS1P6LyU9B5AFAAGa+HvrXvOBKiw4OcxJ7sb09XxulOG0ffOxelxOzciQMODGDDcsP8mQSGMODEAir23dxg0LVc8dtp0OQA+v/k4la7jurJ94FiQOEGegCJk9OrgW0wtwuSsckg9Sj1tsKYfeDbAkGmBTe2qjceqJBFwxhdsWulDCtTCLrS9/2CcBEqOh1VtVlAqAmyDkYQShQIDAQABo4HxMIHuMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIu3ejtvqtV5rtXmXU6dYePGPImPMFUGA1UdIwROMEyAFIu3ejtvqtV5rtXmXU6dYePGPImPoSqkKDAmMSQwIgYDVQQDDBtDUFUxNTEyU1AtdWZmaWNpby9PUENVQS0xLTKCCFiZ/8yWWp4AMA4GA1UdDwEB/wQEAwIC9DATBgNVHSUEDDAKBggrBgEFBQcDATBDBgNVHREEPDA6hjJ1cm46U0lNQVRJQy5TNy0xNTAwLk9QQy1VQVNlcnZlcjpDUFUxNTEyU1BfdWZmaWNpb4cEwKgL8DANBgkqhkiG9w0BAQsFAAOCAQEAAC3pyCj/QF3gMOO0kR7ty9hd0vCbyPGFI3EPYf2NV9GWCZ6yGgwQzIojEqy/FDb4S8wwZKCVT5wPF41OOqf1eJp7dcek7xsPZRliCL0sR86scB/XrRXRRISxwHJwldlgtN87PxTy3GzCWXaqexKadkUC5nUkuUY8F/Y+PBfQIo0TMfNaLbQUaU6BGgVso+V4fggYXJTB0Xok2JZP/PnoHVZBXRanEXkP6LTYpR32Nec2mxucVczToaw0cr3HhJl61wNldR5D+XRs1/+9qoSwCSJBNlSR93JnKv0ytNypPZnEG2SEfWC6nnEW0cITpCmOHeOaN031FJJAmTkwgK+mXQ==",
SecurityMode: 2,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256",
UserIdentityTokens: Array(3, UserTokenPolicy) {
0: {
PolicyId: "UserName_Basic128Rsa15_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
},
1: {
PolicyId: "UserName_Basic256_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
},
2: {
PolicyId: "UserName_Basic256Sha256_Token",
TokenType: 1,
IssuedTokenType: NullString,
IssuerEndpointUrl: NullString,
SecurityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
}
},
TransportProfileUri: "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary",
SecurityLevel: 60
}
}
}
If you could help me find a solution I would really appreciate it.
Mattia
Julius Pfrommer
Mar 17, 2023, 10:51:30 AM3/17/23
to mattia.g...@gmail.com, open62541
Just run the python tool
/tools/certs/create_certificate.py
It will create a certificate for you.
Once that works, you can go into details and adjust the URIs, and so on.
--
You received this message because you are subscribed to the Google Groups "open62541" group.
To unsubscribe from this group and stop receiving emails from it, send an email to open62541+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/open62541/6f191524-ebe5-4b67-9f81-3b2e621409c6n%40googlegroups.com.
mattia.g...@gmail.com
Mar 17, 2023, 11:45:35 AM3/17/23
to open62541
Hi Julius,
I've generated certificate and key files.
python create_self-signed.py c:\cert -c certName -k 2048 -u urn:SIMATIC.S7-1500.OPC-UAServer:CPU1512SP_ufficio
But when I try to launch client_connect it gives me this result. I don't understand what the problem is, can you help me?
client_connect.exe -username name -password pswplc -securityPolicy "http://opcfoundation.org/UA/SecurityPolicy#Basic256" -securityMode 2 -cert C:\cert\cerName_cert.der -key C:\cert\cerName_key.der opc.tcp://192.168.11.240:4840
[2023-03-17 16:42:39.090 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-17 16:42:39.091 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy with openssl is added.
[2023-03-17 16:42:39.093 (UTC+0100)] info/securitypolicy The basic256 security policy with openssl is added.
[2023-03-17 16:42:39.096 (UTC+0100)] info/securitypolicy The basic256sha256 security policy with openssl is added.
[2023-03-17 16:42:39.097 (UTC+0100)] info/securitypolicy The Aes128Sha256RsaOaep security policy with openssl is added.
[2023-03-17 16:42:39.097 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-17 16:42:39.114 (UTC+0100)] info/channel Connection 344 | SecureChannel 2951111532 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-17 16:42:39.114 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-17 16:42:39.121 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Selected endpoint 0 in URL opc.tcp://192.168.11.240:4840 with SecurityMode Sign and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Selected UserTokenPolicy UserName_Basic128Rsa15_Token with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
[2023-03-17 16:42:39.132 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-17 16:42:39.133 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.133 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.134 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-17 16:42:39.134 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-17 16:42:39.155 (UTC+0100)] info/securitypolicy The basic256 security policy channel with openssl is created.
[2023-03-17 16:42:40.827 (UTC+0100)] warn/channel Connection 344 | SecureChannel 0 | Receiving the response failed with StatusCode BadCertificateUntrusted
[2023-03-17 16:42:40.827 (UTC+0100)] info/securitypolicy The basic256 security policy channel with openssl is deleted.
[2023-03-17 16:42:40.828 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadConnectionClosed
[2023-03-17 16:42:40.828 (UTC+0100)] info/userland Could not connect
[2023-03-17 16:42:39.090 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-17 16:42:39.091 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy with openssl is added.
[2023-03-17 16:42:39.093 (UTC+0100)] info/securitypolicy The basic256 security policy with openssl is added.
[2023-03-17 16:42:39.096 (UTC+0100)] info/securitypolicy The basic256sha256 security policy with openssl is added.
[2023-03-17 16:42:39.097 (UTC+0100)] info/securitypolicy The Aes128Sha256RsaOaep security policy with openssl is added.
[2023-03-17 16:42:39.097 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-17 16:42:39.098 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-17 16:42:39.114 (UTC+0100)] info/channel Connection 344 | SecureChannel 2951111532 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-17 16:42:39.114 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-17 16:42:39.121 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Selected endpoint 0 in URL opc.tcp://192.168.11.240:4840 with SecurityMode Sign and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Selected UserTokenPolicy UserName_Basic128Rsa15_Token with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.132 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
[2023-03-17 16:42:39.132 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-17 16:42:39.133 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-17 16:42:39.133 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-17 16:42:39.134 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-17 16:42:39.134 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-17 16:42:39.155 (UTC+0100)] info/securitypolicy The basic256 security policy channel with openssl is created.
[2023-03-17 16:42:40.827 (UTC+0100)] warn/channel Connection 344 | SecureChannel 0 | Receiving the response failed with StatusCode BadCertificateUntrusted
[2023-03-17 16:42:40.827 (UTC+0100)] info/securitypolicy The basic256 security policy channel with openssl is deleted.
[2023-03-17 16:42:40.828 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: BadConnectionClosed
[2023-03-17 16:42:40.828 (UTC+0100)] info/userland Could not connect
Mattia
mattia.g...@gmail.com
Mar 21, 2023, 4:15:44 AM3/21/23
to open62541
Hello,
I have an update. By removing the securityPolicy and securityMode commands, the client is able to connect.
By removing the securityPolicy and securityMode commands, the client is able to connect. But I get the following warnings. Could you help me understand what's going on? Why I can not select the security policy?
client_connect.exe -username name -password pswplc -cert C:\cert\certName_cert.der -key C:\cert\certName_key.der opc.tcp://192.168.11.240:4840
[2023-03-21 08:54:10.802 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The basic256 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The basic256sha256 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The Aes128Sha256RsaOaep security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-21 08:54:10.802 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-21 08:54:10.833 (UTC+0100)] info/channel Connection 336 | SecureChannel 729792256 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-21 08:54:10.833 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-21 08:54:10.833 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-21 08:54:10.849 (UTC+0100)] info/client Selected endpoint 0 in URL opc.tcp://192.168.11.240:4840 with SecurityMode None and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-21 08:54:10.849 (UTC+0100)] info/client Selected UserTokenPolicy UserName_Basic128Rsa15_Token with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-21 08:54:10.880 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2023-03-21 08:54:10.880 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy channel with openssl is created.
[2023-03-21 08:54:10.880 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy channel with openssl is deleted.
[2023-03-21 08:54:11.458 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Activated, ConnectStatus: Good
[2023-03-21 08:54:11.458 (UTC+0100)] info/userland Connected!
[2023-03-21 08:54:11.475 (UTC+0100)] info/userland The server date is: 21-03-2023 07:54:09.608
[2023-03-21 08:54:11.475 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
[2023-03-21 08:54:10.802 (UTC+0100)] warn/userland AcceptAll Certificate Verification. Any remote certificate will be accepted.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The basic256 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The basic256sha256 security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] info/securitypolicy The Aes128Sha256RsaOaep security policy with openssl is added.
[2023-03-21 08:54:10.802 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-21 08:54:10.802 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2023-03-21 08:54:10.818 (UTC+0100)] warn/client The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
[2023-03-21 08:54:10.833 (UTC+0100)] info/channel Connection 336 | SecureChannel 729792256 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2023-03-21 08:54:10.833 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2023-03-21 08:54:10.833 (UTC+0100)] info/client The initially defined EndpointURL opc.tcp://192.168.11.240:4840is valid for the server
[2023-03-21 08:54:10.849 (UTC+0100)] info/client Selected endpoint 0 in URL opc.tcp://192.168.11.240:4840 with SecurityMode None and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2023-03-21 08:54:10.849 (UTC+0100)] info/client Selected UserTokenPolicy UserName_Basic128Rsa15_Token with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
[2023-03-21 08:54:10.880 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2023-03-21 08:54:10.880 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy channel with openssl is created.
[2023-03-21 08:54:10.880 (UTC+0100)] info/securitypolicy The Basic128Rsa15 security policy channel with openssl is deleted.
[2023-03-21 08:54:11.458 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Activated, ConnectStatus: Good
[2023-03-21 08:54:11.458 (UTC+0100)] info/userland Connected!
[2023-03-21 08:54:11.475 (UTC+0100)] info/userland The server date is: 21-03-2023 07:54:09.608
[2023-03-21 08:54:11.475 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
Ciao
Mattia
Reply all
Reply to author
Forward
0 new messages