Connecting over HTTPS|OPC UA Implementation: Stacks, Tools, and Samples|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Connecting over HTTPS
Avatar
Dmitry Farberov
Member
Members
Forum Posts: 11
Member Since:
06/30/2014
sp_UserOfflineSmall Offline
1
05/11/2020 - 11:39
sp_Permalink sp_Print

I'm trying to get a connection between Reference Client and Server (or any sample client/server combo for that matter) using HTTPS endpoints. What I get is the stack trace below. What am I doing wrong? Thanks.

 

EXCEPTION (ServiceResultException)
BadUnknownResponse
SERVICE RESULT (BadUnknownResponse)
STACK TRACE
at Opc.Ua.DiscoveryClient.GetEndpoints(RequestHeader requestHeader, String endpointUrl, StringCollection localeIds, StringCollection profileUris, EndpointDescriptionCollection& endpoints)
at Opc.Ua.DiscoveryClient.GetEndpoints(StringCollection profileUris)
at Opc.Ua.Client.CoreClientUtils.SelectEndpoint(String discoveryUrl, Boolean useSecurity, Int32 operationTimeout)
at Opc.Ua.Client.Controls.ConnectServerCtrl.<Connect>d__66.MoveNext() in D:\Sourcetree\OPC UA\UA-.NETStandard\SampleApplications\Samples\ClientControls.Net4\Common\Client\ConnectServerCtrl.cs:line 290
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Opc.Ua.Client.Controls.ConnectServerCtrl.<Server_ConnectMI_Click>d__74.MoveNext() in D:\Sourcetree\OPC UA\UA-.NETStandard\SampleApplications\Samples\ClientControls.Net4\Common\Client\ConnectServerCtrl.cs:line 504
Avatar
Randy Armstrong
Admin
Forum Posts: 1438
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
05/12/2020 - 01:51
sp_Permalink sp_Print

You will have to debug the client to see what is actually coming back.

That error indicates the response cannot be parsed.

Avatar
Dmitry Farberov
Member
Members
Forum Posts: 11
Member Since:
06/30/2014
sp_UserOfflineSmall Offline
3
05/12/2020 - 08:35
sp_Permalink sp_Print

I did. It gets down to HttpsTransportChannel.BeginSendRequest() and PostAsync() errors out with "An error occurred while sending the request". It's as if it doesn't see the server even though it's running and the address is correct. Here's the log:

************************* Logging started at 05/12/2020 11:08:07
5/12/2020 11:08:07.209 Checking application instance certificate.
5/12/2020 11:08:07.226 Checking application instance certificate. CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=dfsrv2019
5/12/2020 11:08:21.787 GetEndpoints Called. RequestHandle=1, PendingRequestCount=1
5/12/2020 11:08:24.117 Exception sending HTTPS request: An error occurred while sending the request.
5/12/2020 11:08:24.136 ***EXCEPTION*** BadCommunicationError HttpRequestException An error occurred while sending the request.
5/12/2020 11:08:24.147 Exception reading HTTPS response: An error occurred while sending the request.
5/12/2020 11:08:24.161 ***EXCEPTION*** BadUnknownResponse
5/12/2020 11:08:24.172 GetEndpoints Completed. RequestHandle=1, PendingRequestCount=0, StatusCode=Bad

I also noticed that the string "/discovery" is added to the URL, so I disabled that piece of code just for testing - didn't make a difference.

I was wondering if you had to do anything special to set up HTTPS communications.

Avatar
Dmitry Farberov
Member
Members
Forum Posts: 11
Member Since:
06/30/2014
sp_UserOfflineSmall Offline
4
05/12/2020 - 08:59
sp_Permalink sp_Print

Got some more info. Trapped the HttpRequestException. It has two InnerExceptions:

WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
AuthenticationException: The remote certificate is invalid according to the validation procedure.
 
I'm just running samples straight out of the box - no changes of any kind.

Avatar
Randy Armstrong
Admin
Forum Posts: 1438
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
5
05/13/2020 - 03:59
sp_Permalink sp_Print

I have noticed that recent updates to the Windows TLS/SSL secure channel implementation can prevent applications from using TLS certificates that cannot be validated by Windows. This includes having a trusted CA and an online CRL. There may be a way to disable these checks but I have not found it yet.

I have been during any HTTPS development on a cloud VM with public domain name and a proper HTTPS certificate. I realize that will not be an option for everyone.

Avatar
Dmitry Farberov
Member
Members
Forum Posts: 11
Member Since:
06/30/2014
sp_UserOfflineSmall Offline
6
05/15/2020 - 12:05
sp_Permalink sp_Print

You can do this in the client to get it to work:

                ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;

 

Obviously, you can provide any kind of custom validation you might need. Maybe all OPC UA Client should have a way to allow the application to supply their own server certificate validation.

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 19
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1341
Posts: 4546