0

Secure Connection to Ignition OPC-UA

I have been struggling with this for days. While trying to connect an OPC collector session to a locally hosted Ignition gateway OPC-UA server, I get this error in the Ignition logs:

UascServerAsymmetricHandler 11Jun2024 07:14:32 Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}
org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://127.0.0.1:62541/, securityPolicy=None, securityMode=None
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$openSecureChannel$3(UascServerAsymmetricHandler.java:410)
at java.base/java.util.Optional.orElseThrow(Unknown Source)
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.openSecureChannel(UascServerAsymmetricHandler.java:400)
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$sendOpenSecureChannelResponse$1(UascServerAsymmetricHandler.java:311)
at org.eclipse.milo.opcua.stack.core.channel.SerializationQueue.lambda$encode$0(SerializationQueue.java:59)
at org.eclipse.milo.opcua.stack.core.util.TaskQueue$TaskWrapper.run(TaskQueue.java:273)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
  • In the OPC Collector settings, clicking INFO... yields a certificate that looks right. 
  • I have uploaded that same certificate to the server security tab in Ignition OPC-UA security
  • I have installed the Ignition OPC-UA Server certificate into my local computer Trusted Root Certification Authorities (also tried Personal)
  • These are my Canary connection settings:

    I have created a user in the Ignition opcua-module user source for Canary.
  • These are the Ignition settings:

1 reply

null
    • smason
    • 5 mths ago
    • Reported - view

    douglas. lawrie Are there any messages in Canary's message log when you try to connect? If the "Use Security" box is checked, it should not try to connect without security.

    I would also reach out to IA if you haven't already regarding that error. It seems odd that it's reporting the securityPolicy=none even though it is set to Basic256Sha256.

Content aside

print this pagePrint this page
  • 5 mths agoLast active
  • 1Replies
  • 131Views
  • 2 Following