02-28-2023 05:03 PM
We have a machine with a CtrlX on an End User in the pharmaceutical sector and we have to communicate with their MES via OPC UA Server. On this machine we use a CtrlX Core with OPC UA Server 1.16.
There are two WinStudio screens working locally communicating via OPC UA perfectly. Then on a server we have the OPC UA client from MES called Traksys.
The problem is that we have installed the certificates both in the MES client and in the Server (CtrlX Core), we even get the client's certificate as Reject, we do the Trust, but then the client does not connect and closes the connection.
From the same server we tested it with UA Expert and it works. It must be something to do with the configuration or the type of certificate but we can't find it.
We have tried None/None and it doesn't work either. The connection is not counted by the CtrlX Core as rejected.
We have looked at the connections with Wireshark from the server and I don't understand why the connection is refused.
Attached are the Wireshark data the OPC UA Expert and MES client. Also the certificates.
One of the differences I see between certificates is the Basic Constraints. I don't know if this can affect it.
I am not an expert on these certificate and security issues. Do you see any problem in the client certificate that is incompatible with the OPC UA Server of CtrlX Core?
Anything you can try tell me, the customer is very important and has a lot of equipment from other manufacturers that work with OPC UA without problems.
Thanks in advance.
02-28-2023 05:20 PM - edited 02-28-2023 05:22 PM
In addition to what David said (we are trying together to solve the problem and visited the customer on site).
The MES system requires this Security Policy , and we tested it on the OPC UA Expert from the server itself and no problem.
The policy required by the MES System is Aes256-Sha256-RsaPss
Do you know if it could be any problem with the default OPC UA certificate self generated by the CtrlX Controller?
03-07-2023 08:55 AM
If I understand it correct you have a OpcUA client, and you can't esatblish the communication.
You should verify the following:
03-07-2023 09:04 AM
Thanks for the tips and the answer. We managed to connect with the same PC via OPC UA Expert (as OPC UA Client).
But there is something we are not doing right with the MES Server (OPC UA Client).
Do you know if there could be a problem regarding the OPC UA App version (Version 1.16 on the machine).
03-07-2023 09:40 AM - last edited on 03-07-2023 10:57 AM by CodeShepherd
When you connecting with UA Expert I expect, that you use the same security settings.
Therefore I expect the problem on Opc UA client side (check docu of the client).
I once had problems with establishing a connection with WebIQ UA client, and couldn't find a missconfiguration. At the end I delete the configuration and created it new, and than it worked.
I don't think that the problem is on OpcUA server side, but as I mentioned you can try version 1.18 and check the OpcUA diagnostic on datalayer.