我正在尝试使用带有Beckhoff服务器的OPCUA客户端建立安全连接。我收到错误控制证书不受信任。有关如何从这里开始的任何建议?
public bool connect(string url) {
// TODO implement security
// select the best endpoint.
EndpointDescription endpointDescription;
try {
endpointDescription = ClientUtils.SelectEndpoint(url, true);
} catch {
return false;
}
endpointDescription.SecurityPolicyUri = SecurityPolicies.Basic128Rsa15;
endpointDescription.SecurityMode = MessageSecurityMode.SignAndEncrypt;
EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(appConfig());
ConfiguredEndpoint endpoint = new ConfiguredEndpoint(null, endpointDescription, endpointConfiguration);
m_session = Session.Create(
appConfig(),
endpoint,
false,
false,
"Experiment",
60000,
useridentety,
preferredLocales);
// set up keep alive callback.
// TODO Verbindungsabbrüche behandeln
//m_session.KeepAlive += new KeepAliveEventHandler(Session_KeepAlive);
return m_session.Connected;
}
错误:
2016-07-06 14:34:58.6683|ERROR|Control|Certificate is not trusted.
SubjectName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 IssuerName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 bei Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain) in C:\VIPA_OPC_NetClient\UANET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 249.bei Opc.Ua.CertificateValidator.Validate(X509Certificate2 certificate) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 161.
bei Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales) in C:\OPC_NetClient\UA-NET\SampleApplications\SampleLibraries\Client\Session.cs:Zeile 1980.
bei Opc.Ua.Client.Session.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales) in C:\OPC_NetClient\UA-NET\SampleApplications\SampleLibraries\Client\Session.cs:Zeile 818.
bei PerformanceTest.Experiment.connect(String url) in C:\OPC_NetClient\PerformanceTest\Experiment.cs:Zeile 210.
bei PerformanceTest.MainForm.runExperiment() in C:\OPC_NetClient\PerformanceTest\MainForm.cs:Zeile 148.
2016-07-06 14:34:58.6683|ERROR|Control|Certificate is not trusted.
SubjectName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711
IssuerName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711
bei Opc.Ua.CertificateValidator.InternalValidate(X509Certificate2Collection certificates) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 755.
bei Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 189.
2016-07-06 14:34:58.6933|ERROR|Control|Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei PerformanceTest.Experiment.disconnect() in C:\OPC_NetClient\PerformanceTest\Experiment.cs:Zeile 254.
bei PerformanceTest.MainForm.runExperiment() in C:\OPC_NetClient\PerformanceTest\MainForm.cs:Zeile 168.
2016-07-06 14:34:58.6933|INFO|Control|Done running experiment
答案 0 :(得分:1)
您的证书验证令人心惊,因为您的证书上的CN不受服务器信任。我想您自己生成了证书,但服务器可能认为TcOpcUaServer@192.168.3.222无效。我不了解Beckhoff服务器的工作原理,您应该向开发人员寻求有关此主题的帮助。
IssuerName和SubjectName也不应该相等。
检查证书中数据的好工具是keystore-explorer
比特拿铁抱歉,但希望有所帮助。