Kepware Bad_CertificateUriInvalid

Has anyone found a solution? I am experiencing the same issue connecting to Kepware. Connection on Ignition 7.9 works fine, but doesn't work on Ignition 8.

UaException: status=Bad_CertificateUriInvalid, message=The URI specified in the ApplicationDescription does not match the URI in the Certificate.
at org.eclipse.milo.opcua.stack.core.util.CertificateValidationUtil.validateApplicationUri(CertificateValidationUtil.java:305)
at com.inductiveautomation.ignition.gateway.opcua.client.ClientManager.initializeObject(ClientManager.kt:112)
at com.inductiveautomation.ignition.gateway.opcua.client.ClientManager$initializeObject$1.invokeSuspend(ClientManager.kt)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:238)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

8.0.2 (b2019060511)
Azul Systems, Inc. 11.0.3

We have tried to re-issue the certificate from Kepware to no avail.

I believe the source comes from this invalid date error with the Ignition certificate.

This is happening because the Kepware certificate contains an invalid URI. Ignition 7.9 did not do as many security checks as Ignition 8.0 does.

The solution is to ensure you’re on a recent version of Kepware and find the appropriate place in their UA settings to re-issue the server certificate.

If you simply re-issue on the same older version that has the bug that includes invalid URIs in the certificate, nothing will change.

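The comparison that the error message describes, as an added example (not part of the thread, and not Ignition's or Milo's code): it reads the URI entries from a certificate's subjectAltName and checks the ApplicationDescription URI against them. It assumes the Python `cryptography` package; the helper names, the throwaway certificate and the `urn:` values are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_test_cert(uris):
    """Self-signed throwaway certificate with the given SAN URIs (constructed input)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example-ua-server")])
    start = datetime.datetime(2024, 1, 1)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
    )
    if uris:
        san = x509.SubjectAlternativeName([x509.UniformResourceIdentifier(u) for u in uris])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(key, hashes.SHA256())


def certificate_uris(cert):
    """Return the URI entries of the certificate's subjectAltName, or [] if none."""
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
    except x509.ExtensionNotFound:
        return []
    return san.value.get_values_for_type(x509.UniformResourceIdentifier)


def check_application_uri(cert, application_uri):
    """Compare the ApplicationDescription URI with the URIs in the certificate."""
    uris = certificate_uris(cert)
    if not uris:
        return False, "certificate has no URI in subjectAltName"
    if application_uri not in uris:
        return False, f"{application_uri!r} is not among certificate URIs {uris}"
    return True, "ApplicationUri matches the certificate"


if __name__ == "__main__":
    cert = make_test_cert(["urn:example-host:ua-server"])  # constructed URI
    for uri in ("urn:example-host:ua-server", "urn:10.0.0.5:ua-server"):
        print(uri, "->", check_application_uri(cert, uri))
```

To inspect a real server certificate, load it with `x509.load_der_x509_certificate` or `x509.load_pem_x509_certificate` in place of `make_test_cert`.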

Seems the same thing is happening in 8.0.6. I was changing some IP addresses and the same error came up. Reissuing/upgrading Kepware to the latest version both didn’t seem to affect the result.
There are no certificates in the OPC UA Manager for Kepware but the error persists.
Following the instructions for connecting to Kepware doesn’t resolve this either. Any suggestions?
To add on in Kepware, looking at the Certification path shows “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.” When I import the certificate from Ignition 8.0.6

It appears that after removing all the pre-existing certificates on the trusted clients, and waiting for a couple minutes allowed Kepware to make a new certificate for the Ignition OPC UA client.
For reference, I was using a much older demo version of Kepware ServerEX V6 (Version 6.0.x…) and updated to Version 6.8.796.0. Although this was the solution for this time, I still may have to use the 6.0.x version because of licensing on installation.
What I’m not sure of is why the server worked prior to the error as I was reconfiguring the IP addresses of the remote computers. The older version still worked without problem connecting to Ignition.