Certificate thumbprint does not match

I’m having trouble with the warning message shown below.
It started when I change the name of the default Realtime Tag Provider.
It occurs about every 20 seconds, and I’m not sure where to start.
I’ve rebooted the gateway a few times with no improvements
Anyone know where to start?

Thanks,
David

TcpServerChannel	29Oct2018 12:45:41	Channel error, closing connection. Certificate thumbprint does not match
com.inductiveautomation.opcua.UAException: Certificate thumbprint does not match

at com.inductiveautomation.xopc.common.stack.UAChannel.processAsymmetricChunk(UAChannel.java:1149)

at com.inductiveautomation.xopc.common.stack.UAChannel.processChunk(UAChannel.java:760)

at com.inductiveautomation.xopc.common.stack.UAChannel.access$000(UAChannel.java:63)

at com.inductiveautomation.xopc.common.stack.UAChannel$ProcessChunk.run(UAChannel.java:1570)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$RunnableExecutor.execute(SerialExecutionQueue.java:96)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$RunnableExecutor.execute(SerialExecutionQueue.java:93)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$PollAndExecute.run(SerialExecutionQueue.java:71)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

We had a similar issue before, we solved by “Regenerating” Certificates and re-establishing the OPC Server connection.

Thanks Gregg,

I’ve tried regenerating the certificates. It didn’t work by itself. I’ll try recreating the OPC server connection and see how it goes.

If that doesn’t work you probably have some other inbound OPC UA connection from either another Ignition or a 3rd party.

I’ve tried regenerating the certificates. It didn’t work by itself. I’ll try recreating the OPC server connection and see how it goes.

We had to do both steps to fix the issue, first regenerate certificates and then recreate the OPC connection.

Hi Kevin,
Is there any way to narrow down which connection is causing the warning?
I’ve tried restarting all the connections without any luck. The next step is to delete the connections and recreate them, but this is going to cause a bit of disruption. It would be good to narrow it down first.
Thanks,
David

I think the easiest / only way would be to run Wireshark on the server and watch for an incoming connection on port 4096 every ~10s. You’ll be able to see the IP address it’s coming from and hopefully that’s enough to track it down.

1 Like

I finally got rid of this error by restarting the remote ignition gateway.