Trouble with Certificates


I’ve recently updated to Ignition 8 and I’m having an issue that I’m unable to find a solution.

So I have an Ignition project that is connected to LabView, where Labview acts as a client and can modify tags. Everything worked fine with Ignition 7.9, but now I’m having this error message when I try to connect the Labview program to my OPC-UA endpoint (which is correct, since I’ve checked it multiple times):


I’ve searched for the trusted certificates that was rejected or something, but everything seems fine:

But apparently, when trying to connect to the server from another Third Party Client, it connects perfectly to that same endpoint I’m trying to connect with Labview.

Keep in mind that the LabView program was working fine before I updated, And I didn’t change anything for it to stop working.

Anyone has an idea of what could be happening?

Thanks in advance.

The error message you’re seeing is from your client, suggesting that it doesn’t trust the Ignition OPC UA server certificate.

A new certificate was generated when you upgraded, so if you had to previously do something to import or trust the server certificate you’ll have to do it again.

That’s weird because I didn’t import any certificate the first time

Maybe NI support will have something to say about it. Seems pretty straightforward unless that error message is not to be believed.

I’m a bit curious about why both your certificates show “Invalid date” in that table, though.

1 Like

Yes, I don’t know about that either, and I honestly can’t remeber if before the update it was showing that “invalid date” expiration.

This page didn’t exist in 7.9 and neither did these particular certificates.

Is there a download button next to the certificates? Or any more info if you expand by clicking on the “+”?

That’s why I can’t remember then, haha.

That’s all that appears when I expand the info:

For some reason I can’t download the certificates. Nothing happens when I click the button.

Well, not sure what that’s about, probably a bug in the JS for that page.

In the loggers area of the gateway you can click the gear and then find the logger for DefaultCertificateValidator and turn it to DEBUG. Then force LabView to try and connect again. See if there’s any messages about the certificate being invalid.

Otherwise I think you’ll need NI support to give you a hint about what that error message means and if you need to do anything with the server certificate.

No messages appeared when I did this and tried to connect to Labview again. However, I found this error message from 2 hours ago, when I was already trying to connect. This message is the only one that refers to certificates at my logs.

Probably I’ll need to talk to NI support like you suggested.



io.netty.handler.codec.DecoderException: UaException: status=Bad_SecurityChecksFailed, message=certificate path validation failed
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(
at io.netty.util.concurrent.SingleThreadEventExecutor$
at java.base/ Source)
Caused by: org.eclipse.milo.opcua.stack.core.UaException: certificate path validation failed
at org.eclipse.milo.opcua.stack.core.util.CertificateValidationUtil.verifyTrustChain(
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.onOpenSecureChannel(
at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.decode(
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(
… 15 common frames omitted

That would be the message that occurs until you’ve marked the NI certificate as trusted, which you have since done.

@carolineuchoa.estuda re: “Invalid date”, what locale is your system in? and what browser?

I have the same problem, but im trying to communicate with Tia Portal V15. Using Ignition 7.9 as an OPC UA Server, it works perfect!, but now i need to use Ignition 8 as an OPC UA Server and it doesn’t works. I have downloaded the authentication certs from Ignition to put them into the Tia Portal trust certs folder and viceversa, but it doesn’t works.

1 Like

Sorry about the delay. By locale you mean the geographic localization of the system? If yes, it is in Brazil. The browser my company uses is Firefox.

Could you post the solution here if you someday find it? I’ll do the same, thanks!

A post was split to a new topic: Kepware Bad_CertificateUriInvalid