I am having an issue securing our OPC UA connection between Ignition 8.1.32 and an Opto-22 device running 3.5.1.
I have certificates trusted on the Ignition side and the Opto-22 side, but keep getting -
UaException: status=Bad_SecurityChecksFailed, message=sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The connection is fine if I turn off certificate validation.
From looking at the documentation, I believe this should just be a matter of trusting the certificates on both ends. The certificates appear on both devices as soon as a connection attempt is made. Both devices are running on the same subnet in the same facility.
I have tried generating new certificates for both devices and restarting multiple times.
Any suggestions would be appreciated.
Can you share the certificates you're working with? And the full log message?
One thing this error might mean is there is a certificate chain involved rather than a self-signed certificate, so maybe there's a root that needs to be trusted.
I hope this is what you were asking for. Thank you for the response. I have done this before and never had this much trouble with it.
70a1caf24f10b57a6452f574c09668c89e7fd473 [C%3DUS].der (1.1 KB)
ddb85f78aac3a310b4965ca1611fa6744ec145de [C%3DUS].der (955 Bytes)
I think you're running into this issue: OPC UA connection "unable to find valid certification path to requested target" - #9 by Kevin.Herron
For now, you'll have to just leave the certificate validation disabled.
Okay. I did see that in the forum, but frankly I was hoping it wasn't the problem. Like the other poster mentioned, it worked and then it stopped working which caused a lot of confusion.
Any ETA on when that might be resolved? I'm asking because the customer will ask.
Thanks again for the response.
I think it may be fixed in 8.1.43, which is available now.
1 Like