c#asp.net-coreopc-uaopc
How do I create the correct application certificate to work with the OPC UA server?
I am trying to create my own OPC UA client. I am using Nuget Package OPCFoundation.NetStandard.Opc.Ua. For this I used the following code example:
using System;
using System.Collections.Generic;
using System.Windows.Forms;
using Opc.Ua; // Install-Package OPCFoundation.NetStandard.Opc.Ua
using Opc.Ua.Client;
using Opc.Ua.Configuration;
using System.Threading;
namespace Test_OPC_UA
{
public partial class Form1 : Form
{
//creating a object that encapsulates the netire OPC UA Server related work
OPCUAClass myOPCUAServer;
//creating a dictionary of Tags that would be captured from the OPC UA Server
Dictionary<String, Form1.OPCUAClass.TagClass> TagList = new Dictionary<String, Form1.OPCUAClass.TagClass>();
public Form1()
{
InitializeComponent();
//Add tags to the Tag List, For each tag, you have to define the name of the tag and its address
//the address can typically be found by browsing the OPC UA Server's tree. In the example below
// The OPC Server had the following hierarchy: M0401 -> CPU945 -> IBatchOutput
//i used TBC0401 as a name of the tag, you can use any name
//add as many tags as you want to capture
TagList.Add("TBC0401", new Form1.OPCUAClass.TagClass("TBC0401", "M0401.CPU945.iBatchOutput"));
//to initialize the OPC UA Server, provide the IP Address, Port Number, the list of tags you want to capture
//in some OPC UA servers and kepware aswell the session can be closed by the OPC UA Server, so its better to
//allow the class to reinitiate session periodically, before renewing current sessions are closed
myOPCUAServer = new OPCUAClass("127.0.0.1", "49320", TagList, true, 1, "2");
//once the OPC Server has been initialized, you can easily read Tag values and even see when they were
// updated last time
//as an example i could read the TBC0401 tag by:
var tagCurrentValue = TagList["TBC0401"].CurrentValue;
var tagLastGoodValue = TagList["TBC0401"].LastGoodValue;
var lastTimeTagupdated = TagList["TBC0401"].LastUpdatedTime;
}
public class OPCUAClass
{
public string ServerAddress { get; set; }
public string ServerPortNumber { get; set; }
public bool SecurityEnabled { get; set; }
public string MyApplicationName { get; set; }
public Session OPCSession { get; set; }
public string OPCNameSpace { get; set; }
public Dictionary<string, TagClass> TagList { get; set; }
public bool SessionRenewalRequired { get; set; }
public double SessionRenewalPeriodMins { get; set; }
public DateTime LastTimeSessionRenewed { get; set; }
public DateTime LastTimeOPCServerFoundAlive { get; set; }
public bool ClassDisposing { get; set; }
public bool InitialisationCompleted { get; set; }
private Thread RenewerTHread { get; set; }
public OPCUAClass(string serverAddres, string serverport, Dictionary<string, TagClass> taglist, bool sessionrenewalRequired, double sessionRenewalMinutes, string nameSpace)
{
ServerAddress = serverAddres;
ServerPortNumber = serverport;
MyApplicationName = "MyApplication";
TagList = taglist;
SessionRenewalRequired = sessionrenewalRequired;
SessionRenewalPeriodMins = sessionRenewalMinutes;
OPCNameSpace = nameSpace;
LastTimeOPCServerFoundAlive = DateTime.Now;
InitializeOPCUAClient();
if (SessionRenewalRequired)
{
LastTimeSessionRenewed = DateTime.Now;
RenewerTHread = new Thread(renewSessionThread);
RenewerTHread.Start();
}
}
//class destructor
~OPCUAClass()
{
ClassDisposing = true;
try
{
OPCSession.Close();
OPCSession.Dispose();
OPCSession = null;
RenewerTHread.Abort();
}
catch { }
}
private void renewSessionThread()
{
while (!ClassDisposing)
{
if ((DateTime.Now - LastTimeSessionRenewed).TotalMinutes > SessionRenewalPeriodMins
|| (DateTime.Now - LastTimeOPCServerFoundAlive).TotalSeconds > 60)
{
Console.WriteLine("Renewing Session");
try
{
OPCSession.Close();
OPCSession.Dispose();
}
catch { }
InitializeOPCUAClient();
LastTimeSessionRenewed = DateTime.Now;
}
Thread.Sleep(2000);
}
}
public void InitializeOPCUAClient()
{
//Console.WriteLine("Step 1 - Create application configuration and certificate.");
var config = new ApplicationConfiguration()
{
ApplicationName = MyApplicationName,
ApplicationUri = Utils.Format(@"urn:{0}:" + MyApplicationName + "", ServerAddress),
ApplicationType = ApplicationType.Client,
SecurityConfiguration = new SecurityConfiguration
{
ApplicationCertificate = new CertificateIdentifier { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault", SubjectName = Utils.Format(@"CN={0}, DC={1}", MyApplicationName, ServerAddress) },
TrustedIssuerCertificates = new CertificateTrustList { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\UA Certificate Authorities" },
TrustedPeerCertificates = new CertificateTrustList { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\UA Applications" },
RejectedCertificateStore = new CertificateTrustList { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\RejectedCertificates" },
AutoAcceptUntrustedCertificates = true,
AddAppCertToTrustedStore = true
},
TransportConfigurations = new TransportConfigurationCollection(),
TransportQuotas = new TransportQuotas { OperationTimeout = 15000 },
ClientConfiguration = new ClientConfiguration { DefaultSessionTimeout = 60000 },
TraceConfiguration = new TraceConfiguration()
};
config.Validate(ApplicationType.Client).GetAwaiter().GetResult();
if (config.SecurityConfiguration.AutoAcceptUntrustedCertificates)
{
config.CertificateValidator.CertificateValidation += (s, e) => { e.Accept = (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted); };
}
var application = new ApplicationInstance
{
ApplicationName = MyApplicationName,
ApplicationType = ApplicationType.Client,
ApplicationConfiguration = config
};
application.CheckApplicationInstanceCertificate(false, 2048).GetAwaiter().GetResult();
//string serverAddress = Dns.GetHostName();
string serverAddress = ServerAddress; ;
var selectedEndpoint = CoreClientUtils.SelectEndpoint("opc.tcp://" + serverAddress + ":" + ServerPortNumber + "", useSecurity: SecurityEnabled, operationTimeout: 15000);
// Console.WriteLine($"Step 2 - Create a session with your server: {selectedEndpoint.EndpointUrl} ");
OPCSession = Session.Create(config, new ConfiguredEndpoint(null, selectedEndpoint, EndpointConfiguration.Create(config)), false, "", 60000, null, null).GetAwaiter().GetResult();
{
//Console.WriteLine("Step 4 - Create a subscription. Set a faster publishing interval if you wish.");
var subscription = new Subscription(OPCSession.DefaultSubscription) { PublishingInterval = 1000 };
//Console.WriteLine("Step 5 - Add a list of items you wish to monitor to the subscription.");
var list = new List<MonitoredItem> { };
//list.Add(new MonitoredItem(subscription.DefaultItem) { DisplayName = "M0404.CPU945.iBatchOutput", StartNodeId = "ns=2;s=M0404.CPU945.iBatchOutput" });
list.Add(new MonitoredItem(subscription.DefaultItem) { DisplayName = "ServerStatusCurrentTime", StartNodeId = "i=2258" });
foreach (KeyValuePair<string, TagClass> td in TagList)
{
list.Add(new MonitoredItem(subscription.DefaultItem) { DisplayName = td.Value.DisplayName, StartNodeId = "ns=" + OPCNameSpace + ";s=" + td.Value.NodeID + "" });
}
list.ForEach(i => i.Notification += OnTagValueChange);
subscription.AddItems(list);
//Console.WriteLine("Step 6 - Add the subscription to the session.");
OPCSession.AddSubscription(subscription);
subscription.Create();
}
}
public class TagClass
{
public TagClass(string displayName, string nodeID)
{
DisplayName = displayName;
NodeID = nodeID;
}
public DateTime LastUpdatedTime { get; set; }
public DateTime LastSourceTimeStamp { get; set; }
public string StatusCode { get; set; }
public string LastGoodValue { get; set; }
public string CurrentValue { get; set; }
public string NodeID { get; set; }
public string DisplayName { get; set; }
}
public void OnTagValueChange(MonitoredItem item, MonitoredItemNotificationEventArgs e)
{
foreach (var value in item.DequeueValues())
{
if (item.DisplayName == "ServerStatusCurrentTime")
{
LastTimeOPCServerFoundAlive = value.SourceTimestamp.ToLocalTime();
}
else
{
if (value.Value != null)
Console.WriteLine("{0}: {1}, {2}, {3}", item.DisplayName, value.Value.ToString(), value.SourceTimestamp.ToLocalTime(), value.StatusCode);
else
Console.WriteLine("{0}: {1}, {2}, {3}", item.DisplayName, "Null Value", value.SourceTimestamp, value.StatusCode);
if (TagList.ContainsKey(item.DisplayName))
{
if (value.Value != null)
{
TagList[item.DisplayName].LastGoodValue = value.Value.ToString();
TagList[item.DisplayName].CurrentValue = value.Value.ToString();
TagList[item.DisplayName].LastUpdatedTime = DateTime.Now;
TagList[item.DisplayName].LastSourceTimeStamp = value.SourceTimestamp.ToLocalTime();
TagList[item.DisplayName].StatusCode = value.StatusCode.ToString();
}
else
{
TagList[item.DisplayName].StatusCode = value.StatusCode.ToString();
TagList[item.DisplayName].CurrentValue = null;
}
}
}
}
InitialisationCompleted = true;
}
}
}
}
It works. But I needed to connect to another OPC UA server and I started getting an error message: ApplicationCertificate cannot be found. It happens in this line: OPCSession = Session.Create(... I'm pretty sure the problem is that the application certificate was not created correctly. I'm talking about this line:
ApplicationCertificate = new CertificateIdentifier { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault", SubjectName = Utils.Format(@"CN={0}, DC={1}", MyApplicationName, ServerAddress) },
How can I find out how to correctly create a certificate for a specific OPC UA server? Or could the problem be elsewhere?
UPD: If it matters, the client is on a Debian virtual machine and the server is on a real Windows 10 machine.
Solution
On linux it is recommended to use LocalApplicationData instead of CommonApplicationData explained here
Make sure your server autoaccepts (only during development) client certificates or put in manually in the server.
Using CertificateIdentifier will search for a certificate with "MySubjectName":
ApplicationCertificate = new CertificateIdentifier { StoreType = @"Directory", StorePath = @"%LocalApplicationData%/OPCFoundation/CertificateStores/MachineDefault", SubjectName = "MySubjectName" },
and this to create a certificate on runtime based on the code above:
application.CheckApplicationInstanceCertificate(false, 2048).GetAwaiter().GetResult();
small edit: Use this instead of Utils.Format(@"CN={0}, DC={1}", MyApplicationName, ServerAddress)
ApplicationCertificate = new CertificateIdentifier { StoreType = @"Directory", StorePath = @"%CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault", SubjectName = "CN=OPCUA Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost" },
If none exist, one will be created. The folder path from LocalApplicationData is:
ENM: System.Environment.SpecialFolder.LocalApplicationData
WIN: C:\Users\USER\AppData\Local
LIN: /home/USER/.local/share
OSX: /Users/USER/.local/share
To make sure what you location is for the OPCFoundation folder you can do this:
Console.WriteLine("My LocalApplicationData folder: " + Environment.GetFolderPath( Environment.SpecialFolder.LocalApplicationData));
This the location it saved. So in user/.local/share/OPCFoundation/CertificateStores/MachineDefault/certs is the .der certificate and in the /private folder is the .pfx
Make sure every folder location has read/write permissions. I believe you can do that using this command: sudo chmod -R 777 /home
If this doesn't work, it should tho. You can try getting a certificate (.p12) using this:
var appCertificate = new X509Certificate2(@".folderpath/certs/CertificateName.p12", "password");
application.ApplicationConfiguration.SecurityConfiguration.ApplicationCertificate = new(appCertificate);
I don't recommend this
If you want disable certificates at all:
Make sure you can connect to your server without security. Then disable useSecurity in SelectEndpoint
public bool SecurityEnabled { get; set; }
SecurityEnabled = false;
var selectedEndpoint = CoreClientUtils.SelectEndpoint("opc.tcp://" + serverAddress + ":" + ServerPortNumber + "", useSecurity: SecurityEnabled, operationTimeout: 15000);
I made a small example without certificates and credentials in this post: click here
- Waitpid equivalent with timeout?
- How do I get bit-by-bit data from an integer value in C?
- Decent ways to handle malloc failure?
- POSIX way to do O_DIRECT?
- Why do I not get a MessageBox popup when calling MessageBoxA
- C Compiler differences for iOS and Android development
- different initializ and sign pointer value in global and function
- Hi-Tech C Compiler: #define: "taking the address of this object is illegal"
- Should we disable compiler optimization until the program is bug free?
- Is it possible to convert C to asm without link libc on Linux?
- Explanation of Permission Bits
- Why are bitfields not tightly packed in a struct?
- Why is variable sized object initialization not allowed using const
- C not operator applied to int?
- When to use restrict and when not to
- Why the first node of a linked list is declared as a pointer?
- Problem with not working gdk_test_simulate_button in GTK3
- Configuring the STM32F407VET6 ADC using CMSIS
- Allow double floating point comparisons with Unity unit testing framework from Throw The Switch
- CMake imported library behaviour
- libssh2 public key authentication only requiring passphrase if key request is accepted
- Are arrays treated as static data structures by gcc compiler or as dynamic?
- Is there a 128 bit integer in gcc?
- Loading c library from c# with pinvoke on dotnet core
- Why does my compiler not accept fork(), despite my inclusion of <unistd.h>?
- C/C++ warn or prohibit literal string concatenation
- Fastest way to write & compile a C/C++ program in Windows
- How to pass a 2D dynamically allocated array to a function?
- Behavior of scanset
- How to create an ada lib.a and link to C