Type of issue
Current Behavior
We have a GDS with a UA client that is trying to connect to the OPC server in a controller device.
The OPC server in the controller is using an IDevID certificate (attached below) for the initial connection, which is created as per the IEC standard. The IDevID is in the attachment.
The UA client (in the GDS), while trying to connect to the UA server (in the controller), gets the exception below from the SDK code.
Is it because of the key usage content or some other reason? Any suggestion on how we can get connected using the same IDevID certificate?
2025-02-05 15:59:34.293 +08:00 [ERR] Certificate Signing Failed for Server PM21-HAORANLI (opc.tcp://PM21-HAORANLI:48013/): Opc.Ua.ServiceResultException: Usage of certificate is not allowed.
---> Opc.Ua.ServiceResultException: Usage of certificate is not allowed.
--- End of inner exception stack trace ---
at Opc.Ua.CertificateValidator.HandleCertificateValidationException(ServiceResultException se, X509Certificate2 certificate, X509Certificate2Collection chain)
at Opc.Ua.CertificateValidator.ValidateAsync(X509Certificate2Collection chain, ConfiguredEndpoint endpoint, CancellationToken ct)
at Opc.Ua.Client.Session.OpenAsync(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain, CancellationToken ct)
at Opc.Ua.Client.Session.Create(ISessionInstantiator sessionInstantiator, ApplicationConfiguration configuration, ITransportWaitingConnection connection, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, CancellationToken ct)
at Opc.Ua.Client.DefaultSessionFactory.CreateAsync(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, CancellationToken ct)
at Opc.Ua.Gds.Client.ServerPushConfigurationClient.Connect(ConfiguredEndpoint endpoint)
at ABBGlobalDiscoveryServer.PushManagementService.ServerConnect(UserIdentity serveridentity, ServerPushConfigurationClient pushserver) in C:\Users\INPUDC\Downloads\GDSMain\src\ABBGlobalDiscoveryServer\PushManagement\PushManagementService.cs:line 251
at ABBGlobalDiscoveryServer.PushManagementService.StartServiceToSignApplications() in C:\Users\INPUDC\Downloads\GDSMain\src\ABBGlobalDiscoveryServer\PushManagement\PushManagementService.cs:line 106 { }
Expected Behavior
The UA client in the GDS must be able to connect to the UA server, which uses the IDevID for the initial handshake. After this connection, the OPC server will accept the CSR request, and the GDS client will push the signed certificate to the server, where it will be used for data communication.
The IDevID is used only for the initial connection. The same connection will be used to push the certificate using the spec12 push interface functions.
Steps To Reproduce
No response
Environment
- OS:
- Environment:
- Runtime:
- Nuget Version:
- Component:
- Server:
- Client:
Anything else?
DCA_PKI 1.zip
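
For the key usage question in this report, an added example (not part of the original report and not SDK code) that lists which keyUsage bits a certificate lacks relative to the OPC UA Part 6 profile for RSA application instance certificates, and whether extendedKeyUsage includes serverAuth. Assumptions: the `KeyUsageCheck` class and its helpers are hypothetical names, the built-in sample certificate is constructed and is not the attached IDevID, and that the "Usage of certificate is not allowed" error stems from these fields is not confirmed by the report.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyUsageCheck
{
    // keyUsage bits OPC UA Part 6 lists for an RSA application instance certificate.
    const X509KeyUsageFlags Required =
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation |
        X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment;
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Required bits the certificate does not assert; an absent extension counts as all missing.
    static X509KeyUsageFlags MissingKeyUsage(X509Certificate2 cert)
    {
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        return ku == null ? Required : Required & ~ku.KeyUsages;
    }

    // True when extendedKeyUsage is present and lists serverAuth.
    static bool HasServerAuth(X509Certificate2 cert)
    {
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        return eku != null && eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ServerAuthOid);
    }

    // Constructed sample, NOT the attached IDevID: a self-signed certificate that
    // asserts only digitalSignature and keyEncipherment and carries no extendedKeyUsage.
    static X509Certificate2 BuildSample()
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-sample", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main(string[] args)
    {
        // Pass a DER or PEM certificate path to check a real file; otherwise use the sample.
        using var cert = args.Length > 0 ? new X509Certificate2(args[0]) : BuildSample();
        Console.WriteLine($"Subject:          {cert.Subject}");
        Console.WriteLine($"Missing keyUsage: {MissingKeyUsage(cert)}");
        Console.WriteLine($"EKU serverAuth:   {HasServerAuth(cert)}");
    }
}
```

Running it against the server certificate extracted from the attachment shows whether its keyUsage and extendedKeyUsage differ from the Part 6 profile before changing any validator settings.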