opcua-asyncio
Sync Client Encrypted Connection Failed to KepServerEx
The client cannot start a connection to a KepServerEx server (v 6.13) using any encrypted method. Setting security to None and not using any certificates is fine. Server info is:
Algorithm: Basic256Sha256
Method: SignAndEncrypt
Certificate: Generated by KepServerEx
Minimal code that I'm using:
from asyncua.sync import Client


def main():
    url = r"opc.tcp://username:[email protected]:49320"
    client = Client(url)
    client.load_client_certificate("<cert_path>")
    client.connect()
    print(client)
    client.disconnect()


if __name__ == "__main__":
    main()
Running this code raises this exception:
Full stack trace
ServiceFault (BadSecurityChecksFailed, diagnostics: DiagnosticInfo(SymbolicId=None, NamespaceURI=None, Locale=None, LocalizedText=None, AdditionalInfo=None, InnerStatusCode=None, InnerDiagnosticInfo=None)) from server received in response to CreateSessionRequest
Traceback (most recent call last):
  File "client_certificate.py", line 19, in <module>
    main()
  File "client_certificate.py", line 14, in main
    client.connect()
  File "<project_dir>\venv\lib\site-packages\asyncua\sync.py", line 96, in wrapper
    result = self.tloop.post(aio_func(*args, **kwargs))
  File "<project_dir>\venv\lib\site-packages\asyncua\sync.py", line 54, in post
    return futur.result()
  File "C:\Users\Acer\AppData\Local\Programs\Python\Python39\lib\concurrent\futures\_base.py", line 446, in result
    return self.__get_result()
  File "C:\Users\Acer\AppData\Local\Programs\Python\Python39\lib\concurrent\futures\_base.py", line 391, in __get_result
    raise self._exception
  File "<project_dir>\venv\lib\site-packages\asyncua\client\client.py", line 294, in connect
    await self.create_session()
  File "<project_dir>\venv\lib\site-packages\asyncua\client\client.py", line 474, in create_session
    response = await self.uaclient.create_session(params)
  File "<project_dir>\venv\lib\site-packages\asyncua\client\ua_client.py", line 335, in create_session
    data = await self.protocol.send_request(request)
  File "<project_dir>\venv\lib\site-packages\asyncua\client\ua_client.py", line 172, in send_request
    self.check_answer(data, f" in response to {request.__class__.__name__}")
  File "<project_dir>\venv\lib\site-packages\asyncua\client\ua_client.py", line 181, in check_answer
    hdr.ServiceResult.check()
  File "<project_dir>\venv\lib\site-packages\asyncua\ua\uatypes.py", line 373, in check
    raise UaStatusCodeError(self.value)
asyncua.ua.uaerrors._auto.BadSecurityChecksFailed: An error occurred verifying security.(BadSecurityChecksFailed)
Version
Python-Version: 3.9
opcua-asyncio Version (e.g. master branch, 0.9): (pip) 1.0.4
I've tried several workarounds and still could not succeed. Does this connection require a .pem key? If so, how can I retrieve it?
I've managed a workaround for the issue.
Instead of using the certificate generated by KepServerEx, I've generated private keys and certificates using the example generate certificate.py.
After generating the certificate, I've added the ca_application.der to trusted clients in OPC UA configuration.
By using client.set_security_string and providing the paths of the certificate and private key that I've generated, I've managed to establish an encrypted session.
Hope this helps others tackle the same problem. However, I'm not closing this issue, in case an expert may be able to provide a more correct and broader explanation of this issue.
You cannot use the server certificate. You must always have a cert matching your client.
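Added example (not part of the thread and not opcua-asyncio project code): a pre-flight check that builds the string passed to `client.set_security_string` for the server settings quoted in the issue, and refuses the two mistakes discussed above. The helper names, the file-digest comparison and the optional `server_cert` argument are assumptions made for this illustration.

```python
import hashlib
from pathlib import Path

# Server settings quoted in the issue.
POLICY = "Basic256Sha256"
MODE = "SignAndEncrypt"


def file_digest(path):
    """SHA-256 of the raw file bytes (assumes both files use the same encoding)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_security_string(client_cert, client_key, server_cert=None):
    """Return 'Policy,Mode,certificate,private_key' for set_security_string().

    Hypothetical helper. Rejects the mistakes seen in the thread: a client
    certificate without its private key, or the server's certificate being
    presented as the client's.
    """
    cert, key = Path(client_cert), Path(client_key)
    for path in (cert, key):
        if not path.is_file():
            raise FileNotFoundError(f"missing client credential: {path}")
        if "," in str(path):
            raise ValueError(f"comma in path breaks the comma-separated string: {path}")
    if b"BEGIN CERTIFICATE" in key.read_bytes()[:64]:
        raise ValueError(f"{key} is a certificate, not a private key")
    if server_cert is not None and file_digest(cert) == file_digest(server_cert):
        raise ValueError("client certificate is the server's own certificate")
    return f"{POLICY},{MODE},{cert},{key}"


def connect_encrypted(url, client_cert, client_key, server_cert=None):
    """Open an encrypted session. The caller is responsible for disconnect()."""
    from asyncua.sync import Client  # lazy import: only needed when connecting

    client = Client(url)
    client.set_security_string(
        build_security_string(client_cert, client_key, server_cert)
    )
    client.connect()
    return client
```

The server still has to list the client certificate among its trusted clients, as in the workaround described in the thread.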