I have to establish a connection between the Ignition OPC-UA server & a Python OPC-UA client (open source) using the security certificates provided by Ignition, with the Sign & Encrypt mechanism of the OPC-UA endpoint connection.
For testing purposes, I’ve placed my security certificates in the same package as the connection service. The path of the certificates is configurable & they can be placed anywhere in the system.
With reference to this example, I wrote the following code to establish a connection between the Ignition OPC-UA server & Python OPC-UA server:
from opcua import Client

client = Client("opc.tcp://localhost:4096/iaopcua/Basic128Rsa15")
client.load_client_certificate("ignition-client.der")
client.load_private_key("???")
client.connect()
I’ve downloaded the Ignition client certificate from Manage Certificate of Ignition. To connect with the server I also need a private key. But I am unable to get the private key for Ignition (Trial Version).
I got the following errors when trying to connect to the Ignition server using the above-mentioned code:
A) When no private key is given to the OPC-UA client for the connection, and only the certificate is there:
client = Client("opc.tcp://localhost:4096/iaopcua/Basic128Rsa15")
client.load_client_certificate("ignition-client.der")
client.connect()
Exception:
Traceback (most recent call last):
  File "…\opc_ua\service\opcua_utility.py", line 123, in connect_opcua
    client.connect()
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\client\client.py", line 247, in connect
    self.activate_session(username=self._username, password=self._password, certificate=self.user_certificate)
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\client\client.py", line 416, in activate_session
    self._add_certificate_auth(params, certificate, challenge)
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\client\client.py", line 431, in _add_certificate_auth
    sig = uacrypto.sign_sha1(self.user_private_key, challenge)
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\crypto\uacrypto.py", line 46, in sign_sha1
    signer = private_key.signer(
AttributeError: 'NoneType' object has no attribute 'signer'
B) When a private key (generated via OpenSSL) is given to the OPC-UA client:
client = Client("opc.tcp://localhost:4096/iaopcua/Basic128Rsa15")
client.load_client_certificate("ignition-client.der")
client.load_private_key("private_key_generated_via_openssl")
client.connect()
Exception:
Traceback (most recent call last):
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\client\client.py", line 200, in load_private_key
    self.user_private_key = uacrypto.load_private_key(path)
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\opcua\crypto\uacrypto.py", line 34, in load_private_key
    return serialization.load_pem_private_key(f.read(), password=None, backend=default_backend())
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\cryptography\hazmat\primitives\serialization.py", line 20, in load_pem_private_key
    return backend.load_pem_private_key(data, password)
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1015, in load_pem_private_key
    password,
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1234, in _load_key
    self._handle_key_loading_error()
  File "C:\Users{username}\AppData\Local\Programs\Python\Python36-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1292, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
I’ve also gone through the Ignition documentation but didn’t get any help.
Target Machine Environment:
Ignition: 7.9.4 64-bit
Java: 1.8.0_151
OS: Windows 10 64-bit (Local) & CentOS 7 (IT Testing)
Any help from your side would be appreciated.
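An added example, not part of the original post and not code from python-opcua or Ignition: the traceback in case B shows the key file being read with load_pem_private_key(..., password=None), so the file has to be an unencrypted PEM private key. This stdlib-only pre-flight check classifies a file's bytes before they are loaded and names the usual reasons for "Could not deserialize key data". The helper name diagnose_key_file, its result strings and the sample bytes are constructed for illustration.

```python
import base64
import re

# Hypothetical helper for illustration; not part of python-opcua or cryptography.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def diagnose_key_file(data: bytes) -> str:
    """Classify bytes before they reach load_pem_private_key(..., password=None)."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "utf16-text"  # byte-order mark: the text is not ASCII PEM
    match = PEM_RE.search(data)
    if match is None:
        # 0x30 is the ASN.1 SEQUENCE tag that opens a DER-encoded key or certificate
        return "der-binary" if data[:1] == b"\x30" else "unknown"
    label, body = match.group(1).decode(), match.group(2)
    if label not in KEY_LABELS:
        return "not-a-key:" + label  # e.g. a certificate passed as the key
    if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted-pem"  # needs a password, but the loader passes None
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:
        return "corrupt-pem"
    return "ok-pem" if der[:1] == b"\x30" else "corrupt-pem"


def _pem(label: bytes, der: bytes, header: bytes = b"") -> bytes:
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    return (b"-----BEGIN " + label + b"-----\n" + header
            + base64.encodebytes(der) + b"-----END " + label + b"-----\n")


# Constructed sample inputs: FAKE_DER is a 5-byte ASN.1 stub, not a real key.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLES = {
    "unencrypted PEM key": _pem(b"RSA PRIVATE KEY", FAKE_DER),
    "DER key": FAKE_DER,
    "certificate as key": _pem(b"CERTIFICATE", FAKE_DER),
    "encrypted PEM key": _pem(b"RSA PRIVATE KEY", FAKE_DER,
                              b"Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"),
    "UTF-16 text": _pem(b"RSA PRIVATE KEY", FAKE_DER).decode().encode("utf-16"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:22} -> {diagnose_key_file(blob)}")
```

A result of ok-pem only says the container is one the loader accepts; it does not show that the key belongs to the certificate being presented.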