OPC UA Certificate problem / IBH Link UA

[nickegeson]

Hi forum! I am using a unit called IBH Link UA which have a built-in soft Siemens S7-PLC, OPC server and OPC client function. I have mostly used the PUT/GET function in S7 for communication using the soft PLC but now I need to use the OPC client function reading from another server which in this case is bulit in inside a S7-1500 PLC.

So, the problem is I can only connect to the server using RSA-SHA256 security policy + username and password. But no matter what I do I get “BadCertificateUriInvalid (0x80170000)” using the certificate supplied from the server. The server is set to allow all client connections.

For testing purpose I tried the same way of connecting using Kepware as a client and the same certificate without any issues.

I also tested using different security policies connecting the IBH Link UA as a client to Kepware with the same result, meaning it is giving the same fault. If I set security policy to "none" for Kepware-IBH Link connection everything is working fine.

I also tried manipulated/created new certificates using the UA configuration tool.

I have contacted the supplier of the IBH Link UA but so far haven´t got the answers I need.

So, does anyone out here have any experience with these IBH units or OPC certificate issues in general, maybe particularly for this fault?

 

[lfe]

OPC UA is very strict and complicated in terms of security, it takes 5 steps for the client to connect to a server, one of them is the call to the CreateSession service.
On the server response the server certificate is returned and the client verifies that it is the same as the one used to create the SecureChannel

It seems that the IBH Link UA has a bug checking this, or is excessively strict.

https://reference.opcfoundation.org/v104/Core/docs/Part4/5.6.2/

 

[nickegeson]

Thanks for your input!