OPC UA安全連接C＃

Question

我正在嘗試使用帶有Beckhoff服務器的OPCUA客戶端建立安全連接。我得到一個錯誤控制證書不被信任。有關如何從這裏出發的任何建議？

public bool connect(string url) { 
     // TODO implement security 
     // select the best endpoint. 
     EndpointDescription endpointDescription; 

     try { 
      endpointDescription = ClientUtils.SelectEndpoint(url, true); 
     } catch { 
      return false; 
     } 



     endpointDescription.SecurityPolicyUri = SecurityPolicies.Basic128Rsa15; 
     endpointDescription.SecurityMode = MessageSecurityMode.SignAndEncrypt; 


     EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(appConfig()); 

     ConfiguredEndpoint endpoint = new ConfiguredEndpoint(null, endpointDescription, endpointConfiguration); 


      m_session = Session.Create(
      appConfig(), 
      endpoint, 
      false, 
      false, 
      "Experiment", 
      60000, 
      useridentety, 
      preferredLocales); 

     // set up keep alive callback. 
     // TODO Verbindungsabbrüche behandeln 
     //m_session.KeepAlive += new KeepAliveEventHandler(Session_KeepAlive); 

     return m_session.Connected; 
    } 

錯誤：

2016-07-06 14:34:58.6683|ERROR|Control|Certificate is not trusted. 
SubjectName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 IssuerName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 bei Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain) in C:\VIPA_OPC_NetClient\UANET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 249.bei Opc.Ua.CertificateValidator.Validate(X509Certificate2 certificate) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 161. 
    bei Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales) in C:\OPC_NetClient\UA-NET\SampleApplications\SampleLibraries\Client\Session.cs:Zeile 1980. 
    bei Opc.Ua.Client.Session.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales) in C:\OPC_NetClient\UA-NET\SampleApplications\SampleLibraries\Client\Session.cs:Zeile 818. 
    bei PerformanceTest.Experiment.connect(String url) in C:\OPC_NetClient\PerformanceTest\Experiment.cs:Zeile 210. 
    bei PerformanceTest.MainForm.runExperiment() in C:\OPC_NetClient\PerformanceTest\MainForm.cs:Zeile 148. 
2016-07-06 14:34:58.6683|ERROR|Control|Certificate is not trusted. 
SubjectName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 
IssuerName: CN=TcOpcUaServer@192.168.3.222, OU=Unit, O=Organization, L=LocationName, C=DE, DC=CX-25C711 
    bei Opc.Ua.CertificateValidator.InternalValidate(X509Certificate2Collection certificates) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 755. 
    bei Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain) in C:\VIPA_OPC_NetClient\UA-NET\Stack\Core\Security\Certificates\CertificateValidator.cs:Zeile 189. 
2016-07-06 14:34:58.6933|ERROR|Control|Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
    bei PerformanceTest.Experiment.disconnect() in C:\OPC_NetClient\PerformanceTest\Experiment.cs:Zeile 254. 
    bei PerformanceTest.MainForm.runExperiment() in C:\OPC_NetClient\PerformanceTest\MainForm.cs:Zeile 168. 
2016-07-06 14:34:58.6933|INFO|Control|Done running experiment 

Answer 1

證書的驗證failling，因爲你的證書CN不被信任server.I假設你自己生成的證書，也許TcOpcUaServer@192.168。服務器不認爲3.222有效。我不知道Beckhoff服務器的工作方式，您應該向開發人員諮詢有關此主題的幫助。

此外IssuerName和SubjectName不應該是平等的。

一個很好的工具來檢查證書中的數據是keystore-explorer

位拿鐵抱歉，但希望它幫助。