
OPC UA Certificate key doesn't meet minimum length requirement


I am using the OPCFoundation/UA-.NETStandard components (version 1.4.371.60) to communicate with an OPC Server in one of our products for testing purposes. The whole system is in-house and on a separate network segment so security is not an issue in this case.

Recently a new problem has arisen with certain product versions so that I cannot connect.

I always connect with SecurityMode=none & SecurityPolicy=none. The error now is OpcException: Certificate validation failed with error code 0x8114000 and the description says that the minimum length requirement of 2048 was not met.

I have used UaExpert to connect to the same server and that is successful but I have no idea which library it uses.

I have tried overriding the following attributes but with no success.

    application.ApplicationConfiguration.SecurityConfiguration.AutoAcceptUntrustedCertificates = true;
    application.ApplicationConfiguration.SecurityConfiguration.MinimumCertificateKeySize = 1024;
    application.ApplicationConfiguration.SecurityConfiguration.RejectSHA1SignedCertificates = false;

Am I missing something? Can I override and ignore this error somehow?


Solution

  • I have managed to get it working as I want. The problem was in the way I was initialising the components. I had created a new CertificateValidator and then set up the ApplicationConfiguration (including the MinimumCertificateKeySize). What I needed to do was to Update the validator with the application configuration as it is the validator which needs to know the min cert size.

    var certificateValidator = new CertificateValidator();
    certificateValidator.CertificateValidation += (sender, eventArgs) =>
    {
        // handle event
    };

    // Build the application configuration
    var applicationConfiguration = new ApplicationConfiguration
    {
        ApplicationUri = server.ToString(),
        ApplicationName = "UaClientTest",
        ApplicationType = ApplicationType.Client,
        CertificateValidator = certificateValidator,
        SecurityConfiguration = new SecurityConfiguration
        {
            AutoAcceptUntrustedCertificates = true,
            MinimumCertificateKeySize = 1024, /* Default is 2048 but the controller only has 1024 */
            RejectSHA1SignedCertificates = false
        },
        // more config here...
    };

    // IMPORTANT: update config in cert handling
    certificateValidator.Update(applicationConfiguration);
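
An added example (not part of the original answer or the OPC Foundation library): instead of auto-accepting every untrusted certificate, the validation handler can accept only the one certificate recorded for the controller while still tolerating its 1024-bit key. `PinnedCertPolicy`, `ShouldAccept` and the generated certificates are constructed for illustration; the wiring in the final comment assumes the handler's `eventArgs` exposes `Certificate` and `Accept`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertPolicy
{
    // Accept only the one certificate recorded for the test controller.
    // pinnedSha256 is the hex SHA-256 of that certificate, recorded out of band.
    public static bool ShouldAccept(X509Certificate2 cert, string pinnedSha256, int minKeyBits = 1024)
    {
        if (cert == null || string.IsNullOrEmpty(pinnedSha256)) return false;
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            // Reject non-RSA keys and anything below the relaxed floor.
            if (rsa == null || rsa.KeySize < minKeyBits) return false;
        }
        string actual = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, pinnedSha256, StringComparison.OrdinalIgnoreCase);
    }
}

static class Program
{
    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 MakeCert(string cn, int bits)
    {
        using (RSA key = RSA.Create(bits))
        {
            var req = new CertificateRequest("CN=" + cn, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    static void Main()
    {
        using (X509Certificate2 controller = MakeCert("constructed-controller", 1024))
        using (X509Certificate2 other = MakeCert("constructed-other", 1024))
        {
            string pin = controller.GetCertHashString(HashAlgorithmName.SHA256);
            Console.WriteLine(PinnedCertPolicy.ShouldAccept(controller, pin)); // the pinned certificate
            Console.WriteLine(PinnedCertPolicy.ShouldAccept(other, pin));      // same key size, different certificate
            // In the answer's handler, with AutoAcceptUntrustedCertificates = false:
            //   eventArgs.Accept = PinnedCertPolicy.ShouldAccept(eventArgs.Certificate, pin);
        }
    }
}
```

With this in place `MinimumCertificateKeySize = 1024` still has to reach the validator through `Update`, as the answer describes; the pin only replaces the blanket auto-accept.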