Home Community Discussion Forums Most Active Software Boards LabVIEW Topic

LabVIEW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OPC UA certificate: BadCertificateUriInvalid

Solved!
Go to solution

OPC UA certificate: BadCertificateUriInvalid

‎05-31-2023 08:49 AM

Hello forum

 

I created a certificate with the OPC UA toolkit by NI. Unfortunately when connecting to the server with UAexpert I get the error BadCertificateUriInvalid. I suspect this is because of the space in National Instruments in the URI:

raphaelwittwer_0-1685540830248.png

 

Does anyone know a workaround for this? In the VI to create the certificate I cannot open the block diagram since it is password protected and changing this value does not seem to work with a tool like XCA after certificate creation.

 

Thanks,

Raphael

0 Kudos
Message 1 of 9
(2,317 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎06-05-2023 08:37 AM

I actually had two issues, the first one was about the hostname:

raphaelwittwer_0-1685972061293.png

 

This seems to come from the hostname in the certificate not being fully qualified, since I added the IP and the fully qualified hostname manually to the certificate this error has disappeared.

 

raphaelwittwer_2-1685972061294.png

 

Settings in the client

 

raphaelwittwer_3-1685972061295.png

 

This same error is thrown by another OPC UA client.

 

Unfortunately I do not have access to the OPCUA specification, but it seems that spaces in URI are not allowed. In the created certificate however there is a space in “National Instruments”:

 

raphaelwittwer_4-1685972061295.png

 

 

This seems to be the case (second point about whitespace):

raphaelwittwer_5-1685972061296.png

 

 

Second source:

raphaelwittwer_6-1685972061299.png

 

Does anyone have access to the OPCUA standard and can confirm that whitespace is not allowed?

0 Kudos
Message 2 of 9
(2,264 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎06-05-2023 09:47 AM

I have recreated the key without the whitespace in the URI in XCA, unforunately this is not the problem. I have tried with adding the fully qualified hostname (leads to the bad certificate hostname invalid) and without, same result concerning the bad URI error.

0 Kudos
Message 3 of 9
(2,255 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎06-06-2023 05:07 AM

some ideas:

- check, that the certificates are at the correct place and check the server configuration

- create the certificates with uaexpert

 

Message 4 of 9
(2,225 Views)
Reply
Solution
Accepted by topic author raphael.wittwer

Re: OPC UA certificate: BadCertificateUriInvalid

‎06-07-2023 06:06 AM

Thank you Martin for your ideas!

 

It finally worked, XCA needs to be configured so that a certificate with the expected field URI can be created by appending this string to the dn.txt: domainComponent

 

The original issue is that the server sends a different URI than the certificate (made with the NI certificate vi) defines, and the DNS is missing for the fully qualified name it usually responds with.

0 Kudos
Message 5 of 9
(2,212 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎08-31-2023 05:04 AM - edited ‎08-31-2023 05:23 AM

Hello Raphael

 

I have the same issue with UaExpert and the server created by LabView...

 

I finally found how to solve this problem, it is in fact very simple. Just use the same name for the server and the certificate :

 

Walker34_1-1693477390518.png

 

0 Kudos
Message 6 of 9
(1,923 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎08-31-2023 05:29 AM

He used XCA (https://hohnstaedt.de/xca/ ) which is very flexible, but not easy to understand. Uaexpert can also create certificates and has some more options. Its primary for it's own usage, but those certificate files can also used for other OPC UA connections.

 

0 Kudos
Message 7 of 9
(1,910 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎08-31-2023 05:54 AM

If this works for you that is very good, I could not get the certificate to use the same name as the Server was sending. It was not in the part that I can define but a space in "National Instruments" sent from the server but not present in the certificate or vice versa.

0 Kudos
Message 8 of 9
(1,901 Views)
Reply

Re: OPC UA certificate: BadCertificateUriInvalid

‎08-31-2023 07:59 AM

 

Those Certificate tools are cryptic for me, if it works with that simple VI, I will not look deeper or my brain will burn.

Yes now I understand that your issue was due to something else, Raphael. I posted my solution because someone else will maybe get the same problem and will come here, because it is a first result in google search.

Thank you both for answering.

0 Kudos
Message 9 of 9
(1,892 Views)
Reply