Secure Connection to Ignition OPC-UA

I have been struggling with this for days. While trying to connect an OPC collector session to a locally hosted Ignition gateway OPC-UA server, I get this error in the Ignition logs:

UascServerAsymmetricHandler 11Jun2024 07:14:32 Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}
org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://, securityPolicy=None, securityMode=None
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$openSecureChannel$3(UascServerAsymmetricHandler.java:410)
at java.base/java.util.Optional.orElseThrow(Unknown Source)
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.openSecureChannel(UascServerAsymmetricHandler.java:400)
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$sendOpenSecureChannelResponse$1(UascServerAsymmetricHandler.java:311)
at org.eclipse.milo.opcua.stack.core.channel.SerializationQueue.lambda$encode$0(SerializationQueue.java:59)
at org.eclipse.milo.opcua.stack.core.util.TaskQueue$TaskWrapper.run(TaskQueue.java:273)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
  • In the OPC Collector settings, clicking INFO... yields a certificate that looks right.
  • I have uploaded that same certificate to the server security tab in Ignition OPC-UA security.
  • I have installed the Ignition OPC-UA Server certificate into my local computer's Trusted Root Certification Authorities (also tried Personal).
  • These are my Canary connection settings:

    I have created a user in the Ignition opcua-module user source for Canary.
  • These are the Ignition settings:

  • douglas.lawrie Are there any messages in Canary's message log when you try to connect? If the "Use Security" box is checked, it should not try to connect without security.

    I would also reach out to IA if you haven't already regarding that error. It seems odd that it's reporting the securityPolicy=none even though it is set to Basic256Sha256.
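The mismatch raised in the reply above (the log reports securityPolicy=None while the connection is set to Basic256Sha256) can be checked across a whole gateway log. This is an added example, not part of the original thread and not Ignition or Canary code. The function names and the expected mode SignAndEncrypt are assumptions, and the second sample line is constructed.

```python
import re

# Matches the Milo "no matching endpoint found" message quoted in the question.
_MSG = re.compile(r"no matching endpoint found:\s*(?P<fields>.+)$")

def parse_endpoint_error(line):
    """Return the key=value fields of a 'no matching endpoint found' line, or None."""
    m = _MSG.search(line)
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    return fields

def security_mismatches(line, expected_policy, expected_mode):
    """List (field, requested, expected) for each security setting that differs."""
    fields = parse_endpoint_error(line)
    if fields is None:
        return []
    expected = {"securityPolicy": expected_policy, "securityMode": expected_mode}
    return [(k, fields.get(k), v) for k, v in expected.items() if fields.get(k) != v]

# expected_mode is an assumption; the thread only states the policy.
def scan(lines, expected_policy="Basic256Sha256", expected_mode="SignAndEncrypt"):
    """Map line number -> mismatches for channels opened with other settings."""
    report = {}
    for n, line in enumerate(lines, 1):
        diffs = security_mismatches(line, expected_policy, expected_mode)
        if diffs:
            report[n] = diffs
    return report

# Line 1 is the message from the question; lines 2 and 3 are constructed.
SAMPLE = [
    "org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: "
    "transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://, securityPolicy=None, securityMode=None",
    "org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: "
    "transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://gateway.example:62541, "
    "securityPolicy=Basic256Sha256, securityMode=Sign",
    "INFO unrelated log line",
]

if __name__ == "__main__":
    for n, diffs in scan(SAMPLE).items():
        for field, got, want in diffs:
            print(f"line {n}: {field} requested {got!r}, expected {want!r}")
```

Each reported line is a secure-channel request whose policy or mode differs from what the client was meant to use, which is the condition worth confirming on the client side before looking at certificates.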

