thingsboard-gateway

[HELP] Unable to connect to an OPCUA server with Basic256Sha256

Open andersenthomas98 opened this issue 10 months ago • 2 comments

I am not able to connect to an OPCUA server with the Basic256Sha256 security policy due to the error BadCertificateInvalidUri(2148990976).

According to this old issue I might be missing an application uri, although I cannot find it documented anywhere. However, adding the uri to the OPCUA connector configuration does not seem to help either.

Here is my OPCUA connector configuration

{
  "server": {
    "url": "opc.tcp://*****",
    "timeoutInMillis": 5000,
    "scanPeriodInMillis": 3600000,
    "enableSubscriptions": false,
    "subCheckPeriodInMillis": 60000,
    "showMap": true,
    "security": "Basic256Sha256",
    "identity": {
      "type": "cert.PEM",
      "cert": "/thingsboard_gateway/config/credentials/kepserver/tbgw_cert.pem",
      "privateKey": "/thingsboard_gateway/config/credentials/kepserver/tbgw_key.pem",
      "mode": "SignAndEncrypt",
      "username": "******",
      "password": "******"
    },
    "pollPeriodInMillis": 60000
  },
  ...
}

Error:

Image

Versions:

  • Docker: 27.3.1
  • Thingsboard IoT Gateway version: 3.6.3

andersenthomas98, Feb 13 '25 12:02

FYI, I am trying to connect to KepserverEx.

andersenthomas98, Feb 18 '25 13:02

Hi @andersenthomas98, thanks for your interest in ThingsBoard IoT Gateway! We are trying to reproduce your issue with Prosys OPC-UA Simulation Server, and everything works fine. As you can see from the error, you should provide the Certificate URI. Also, set CA Certificate in the connector config section.

Image

samson0v, May 13 '25 07:05

How do I generate ca.pem, and how do I connect to kepserverex?

kpdqzxl, Jul 16 '25 06:07

How do I provide the certificate URI? I am connecting to KepserverEx and it is still not resolved; [opcua_connector.py] - opcua_connector retry_connect_with_backoff - 443 - Encountered error: BadSecurityChecksFailed(2148728832). Next connection try in 128 second(s)...

kpdqzxl, Jul 16 '25 10:07

Where do I set the application uri?

kpdqzxl, Jul 23 '25 17:07

Hi @andersenthomas98, thank you for your interest in ThingsBoard IoT Gateway! We are pleased to announce that this bug will be fixed in the next release of Gateway. So let's stay connected!

samson0v, Sep 24 '25 12:09

I have had the same issue even if I added a correct uri in the certificate.

I discovered using Wireshark that the gateway is sending a request to the server using a different uri, so your server will answer with this error because:

  1. you did not add a uri when creating a certificate
  2. you need to match the uri that the gateway is sending.

So in short you need to add the same uri the gateway is sending to the server. Even if you add another one you will get the same error.

If you want to check it yourself, use Wireshark on the host of your gateway server and filter on the opcua protocol.

mberetvas, Sep 25 '25 18:09
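The mismatch described in the comment above can be checked offline. This is an added example, not code from the thread or from the gateway: it lists the URI entries in a certificate's subjectAltName with the standard library only and compares them with the application URI observed in Wireshark. The function names, the `SAMPLE` bytes and the `urn:example:` URIs are constructed for illustration.

```python
import base64
import re

SAN_OID = bytes.fromhex("551d11")  # content bytes of OID 2.5.29.17 (subjectAltName)

def tlvs(buf):
    """Yield (tag, content) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def san_uris(der_bytes):
    """Return every URI entry found in a subjectAltName extension."""
    found = []
    for tag, body in tlvs(der_bytes):
        if not tag & 0x20:  # primitive element: nothing to descend into
            continue
        kids = list(tlvs(body))
        if tag == 0x30 and kids and kids[0] == (0x06, SAN_OID):
            # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING }
            (_, names), = tlvs(kids[-1][1])  # GeneralNames SEQUENCE inside the OCTET STRING
            found += [v.decode("ascii") for t, v in tlvs(names) if t == 0x86]  # [6] = URI
        else:
            found += san_uris(body)
    return found

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    return base64.b64decode(m.group(1))

def uri_matches(cert_der, application_uri):
    """True when the URI the client announces is one of the certificate's SAN URIs."""
    return application_uri in san_uris(cert_der)

def der(tag, content):
    return bytes([tag, len(content)]) + content  # short-form lengths only (< 128 bytes)

# Constructed sample: only the extensions part of a certificate, built by hand.
SAMPLE = der(0xA3, der(0x30, der(0x30, der(0x06, SAN_OID) + der(0x04, der(
    0x30, der(0x86, b"urn:example:tb-gateway") + der(0x82, b"gw-host"))))))

if __name__ == "__main__":
    print(san_uris(SAMPLE), uri_matches(SAMPLE, "urn:example:other"))
```

For a real file, pass `pem_to_der(open(path).read())` for the certificate named in the connector's `cert` setting, and use the application uri seen in the capture as the second argument to `uri_matches`.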

We will add an example to the documentation about how to connect to a certificate-based OPC-UA server.

samson0v, Oct 28 '25 12:10