I’m assuming theres something really simple that I am missing here. A colleague of mine is atttempting to connect to an ignition OPC UA server using a third party application(embarcadero using Kassls dOPC Toolkit). I believe we have everything set up on the ignition side properly as you can see in the images attached we are getting a “no public certificate found” error.
We have the Security mode in the third party application set for Sign and Encrypt with the Basic256Sha256 security policy enabled & downloaded the certificate file from the ignition gateway under the client tab and used that file in the embarcadero application for the cerficate file. We have also typed the credentials for the OPC UA user that we configured under the user tab. Could someone point me in the right direction to figure out what I am missing here? I am using version 8.013.
I think you might need to contact the vendor for this client.
Try using UaExpert to connect as a sanity check.
I can tell you that the endpoint at opc.tcp://localhost:62541/discoverydoes not have a certificate, and that’s intentional. The discovery endpoint is unsecured. The endpoints it returns will point to opc.tcp://localhost:62541, which do have a certificate, and if you have not enabled the “None” security policy, will only offer secured endpoints.
If the client you’re using can’t do discovery against one URL and then actually follow the URLs returned in the endpoints then it’s deficient and needs to be fixed by the vendor.
You might try pointing your client directly at opc.tcp://localhost:62541 and see if it works.
Thanks, Reached out to the vendor, And made some progress, but still having issues. I attached an image of the security settings on the gateway & the error message that I am receiving when trying to validate the connection.
The discovery endpoint (when the URL ends with “/discovery”) does not offer security but your client is trying to connect with security.
Have you tried removing “/discovery” from the endpoint URL you use to connect? Did you ever modify the Ignition server configuration to allow unsecured connections or is it still security only?
Sorry, I’ve been in and out, of the office, and was finally able to get a wireshark capture from my coworker. Also, When I said discovery Earlier in reference to Point 4840, that section of the window is for searching for a list available UA servers on the port that you type in to that field. When you find a valid one and select it, it will populate the fields at the bottom(Server).
In response to Kevin, we tried removing the /disocvery, but received the same error message. attached is a wireshark capture(WireSharkData.zip (4.9 KB) .pcapng file). Not sure if this is the file format you need, please let me know how you would like it to be formatted.
This client is still trying to open a secure channel against the discovery endpoint (opc.tcp://127.0.0.1:62541/discovery) for some reason. Did you get in touch with the vendor of this client yet?
