UaException: status=Bad_Certificate Time Invalid

Kfoldesi · October 6, 2022, 4:57pm

How do I renew a certificate?

UaException: status=Bad_CertificateTimeInvalid, message=certificate is expired: Thu Oct 03 00:00:00 EDT 2019 - Mon Oct 03 00:00:00 EDT 2022
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(UascClientAcknowledgeHandler.java:258)
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(UascClientAcknowledgeHandler.java:167)
at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905)
at java.base/java.lang.Thread.run(Unknown Source)

8.0.4 (b2019091612)
Azul Systems, Inc. 11.0.4

Kfoldesi · October 7, 2022, 11:39am

Does anyone know how to resolve this issue? This system has been running for years. It talks to AB plc's using modbus. No OPC UA - I don't know why it has a temporary certificate.

pturmel · October 7, 2022, 12:48pm

If it is what I think, it is self-generated and signed. If you delete it I think Ignition will generate a new one. Which you probably then have to accept in the other system. @Kevin.Herron ?

avaughn · October 7, 2022, 1:18pm

As Phil mentions, the certificates get regenerated during startup once you delete them. Kevin mentions in this post where those certificates are located that need to be deleted. Also, 8.1.8 introduced a regenerate certificate option.

cmohr623 · April 12, 2023, 3:57pm

This resolution does work to regenerate the certificates, but the question from myself and my customer is; "Why did this happen and do we need to worry about it happening again?" This system is running v8.0.8 and has been running for many years without this happening. The solution isn't one that my customer feels comfortable doing themselves, so it requires an onsite service call from my office which costs them money. Is there an underlying issue that we need to look for and resolve or some other way to prevent this from happening again? Thanks!

Kevin.Herron · April 12, 2023, 4:00pm

It will happen again in 3 years.

If you upgrade to 8.1 and regenerate from the UI that was implemented you'll have the option to set a custom validity period.