There's nothing actually wrong with the OPC UA module, it's just configured in a way that exposed a bunch of clients that didn't know what they were doing
Okay, it’s what I suggested. By default Ignition’s OPC UA server only accepts secured connections at opc.tcp://10.122.220.204:62541. Unsecured discovery services can be found running at opc.tcp://10.122.220.204:62541/discovery.
Some clients are defective and can’t handle this kind of setup. If that’s the case here, you change the configuration of Ignition’s server to allow None,Basic256Sha256 for its security policies (and restart) then this client will probably be able to connect.
It looks like the most recent error in the logs doesn’t have anything to do with certificates now:
E [o.e.m.o.s.s.t.u.UascServerAsymmetricHandler] [12:54:16]: Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}
org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://192.168.47.128:62541/discovery, securityPolicy=Basic256Sha256, securityMode=SignAndEncrypt
at org.…
You may need to point the software at the discovery endpoint instead: opc.tcp://host:62541/discovery. This is at least what you would need to do with UaExpert via its "custom discovery" flow.
The server has two endpoints: one for discovery, one for sessions. The discovery endpoint is unsecured, and the session endpoint only allows secured connections by default. You're pointing your software at the session endpoint, and despite configuring it to use security, it's probably trying to start with …
1 Like
This configuration is changing for 8.3.