Node-OPCUA Connect to Server with unknown securityMode/securityPolicy

Question

I am trying to connect to an opcua server with unknown securityMode and securityPolicy. Probably I have a basic understanding problem, but according to the OPCUA specification I can get the EndpointDescription via the local DiscoveryServer and then open a SecureChannel (session).

Currently I connect to the server without specifying the security settings, read out the endpoints and would then select an appropriate security setting and reconnect.

const getEndpoints = function (endpointUrl) {
  return new Promise(function (resolve, reject) {
    let client = new opcua.OPCUAClient();
    client.connect(endpointUrl, function (err) {

      if(err) reject(new Error(err));
      client.getEndpointsRequest(function (err,endpoints) {
        let reducedEndpoints = endpoints.map(endpoint => 
          ({ 
            endpointUrl: endpoint.endpointUrl, 
            securityMode: endpoint.securityMode, 
            securityPolicy: endpoint.securityPolicyUri,
          })
        );
        resolve(endpoints);
        // resolve(reducedEndpoints);
        client.disconnect();
      })
    })
  })
}

const connect = function (endpointUrl, options) {
  return new Promise(function (resolve, reject) {
    const defaultOptions = {
      connectionStrategy: {
        maxRetry: 6,
      },
      keepSessionAlive: true,
      endpoint_must_exist: false,
      securityMode: options.MessageSecurityMode.NONE,
      securityPolicy: SecurityPolicy.None,
    };

    let client = new opcua.OPCUAClient(Object.assign({}, defaultOptions, options));

    client.connect(endpointUrl, function (err) {
      if(err) {
        reject(new Error(err));
      }
      resolve(client)
    });
  });
};

That doesn't feel right. It would be nice if someone would help me with an example.

Best Regards

Answer 1

• A client usually queries the endpoints of a OPCUA server in order to find out what will be the best security and encryption mode it will use to connect to the server.
• getEndpoints is one of the service that doesn't require the client to open a session on the Server.

    // with node-opcua@0.4.1
    const opcua = require("node-opcua");
    async function getEndpoints(endpointUrl) {
        let client = new opcua.OPCUAClient();
        await client.connect(endpointUrl);
        const endpoints =  await client.getEndpoints();
        const reducedEndpoints = endpoints.map(endpoint => ({ 
            endpointUrl: endpoint.endpointUrl, 
            securityMode: endpoint.securityMode.toString(), 
            securityPolicy: endpoint.securityPolicyUri.toString(),
        }));
        await client.disconnect();
        return reducedEndpoints;
    }

    async function main() {
      const endpoints = await getEndpoints("opc.tcp://opcuademo.sterfive.com:26543");
        console.log(endpoints);
    }
    main().then();

This code will output:

  [ { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'NONE',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#None' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGN',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGN',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGN',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGNANDENCRYPT',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGNANDENCRYPT',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256' },
    { endpointUrl: 'opc.tcp://opcuademo.sterfive.com:26543',
      securityMode: 'SIGNANDENCRYPT',
      securityPolicy: 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' } ]

This being said, an node-opcua client will automatically query the server endpoint during connect and verifies that the securityMode and securityPolicy requested by the user is available.

  // with node-opcua@0.4.1
  const opcua = require("node-opcua");
  async function verifyEndpointAndConnect(endpointUrl) {
      let client = new opcua.OPCUAClient();
      await client.connect(endpointUrl);

      // note that client has already requested the server endpoints
      // during the connection. We can now simply query the Application
      // description matching our security settings
      const applicationDescription = client.findEndpointForSecurity(
          opcua.MessageSecurityMode.SIGN,
          opcua.SecurityPolicy.Basic256Sha256
      );

      await client.disconnect();

      if (applicationDescription) {
           console.log("Yes! the server support this endpoints:");
           console.log(applicationDescription.toString());
      }else {
           console.log("Sorry! this server do not support the requested security mode");
          return;
      }      

      // let recreate our client with the requested security mode
      client = new opcua.OPCUAClient({
          securityMode: opcua.MessageSecurityMode.SIGN,
          securityPolicy: opcua.SecurityPolicy.Basic256Sha256,
      });

      await client.connect(endpointUrl);
      // [...] do something with this connected client.
      await client.disconnect();

  }

  async function main() {
    await verifyEndpointAndConnect("opc.tcp://opcuademo.sterfive.com:26543");
    console.log("done");
  }
  main();

Answer 2

Etienne, thanks for your answer. The example code works like a charm. This is the answer:

Yes! the server support this endpoints:
{ /*EndpointDescription*/
endpointUrl                   /* String                           */: opc.tcp://opcuademo.sterfive.com:26543
server                        /* ApplicationDescription           */: {
  applicationUri              /* String                           */: urn:opcuademo.sterfive.com:NodeOPCUA-Server
  productUri                  /* String                           */: NodeOPCUA-Server
  applicationName             /* LocalizedText                    */: locale=null text=NodeOPCUA
  applicationType             /* ApplicationType                  */: SERVER ( 0)
  gatewayServerUri            /* String                           */: null
  discoveryProfileUri         /* String                           */: null
  discoveryUrls               /* String                        [] */: [ /* empty*/ ]
}
serverCertificate             /* ByteString                       */
BUFFER{00000000: 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 02 10 1a 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00    0...0..y.........0...*.H.w......
00000020: 30 28 31 12 30 10 06 03 55 04 0a 13 09 4e 6f 64 65 4f 50 43 55 41 31 12 30 10 06 03 55 04 03 13    0(1.0...U....NodeOPCUA1.0...U...
00000040: 09 4e 6f 64 65 4f 50 43 55 41 30 22 18 0f 32 30 31 38 30 32 31 30 32 30 33 38 31 33 5a 18 0f 32    .NodeOPCUA0"..20180210203813Z..2
00000060: 30 31 39 30 32 31 30 32 30 33 38 31 33 5a 30 28 31 12 30 10 06 03 55 04 0a 13 09 4e 6f 64 65 4f    0190210203813Z0(1.0...U....NodeO
00000080: 50 43 55 41 31 12 30 10 06 03 55 04 03 13 09 4e 6f 64 65 4f 50 43 55 41 30 82 01 22 30 0d 06 09    PCUA1.0...U....NodeOPCUA0.."0...
000000a0: 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ae 38 4e 06 c8 d2 13    *.H.w...........0.........8N.HR.
000000c0: b6 d1 6d 42 e7 1c 17 4f 68 9b da 5e 6d 79 82 d0 ea 6b 81 0c 05 bc 1d 23 ab ec 81 7c 1d 52 94 f2    6QmBg..Oh.Z^my.Pjk...<.#+l.|.R.r
000000e0: 5c fa 23 7a fc d2 5e f7 a3 85 94 29 97 07 85 01 cf 94 40 31 bd 56 d8 c0 4d ec 38 a9 c6 aa 40 20    \z#z|R^w#..)....O.@1=VX@Ml8)F*@.
00000100: 28 5e 4b b3 f0 53 a1 0d b9 d1 7d fa 3b 98 8e 04 44 8a 20 4a 23 c6 9b 31 8e 9d 98 2b 65 da a0 34    (^K3pS!.9Q}z;...D..J#F.1...+eZ.4
00000120: 64 f6 c6 6b 58 48 9c 3f 29 40 f9 ed 7f 08 dc 01 13 31 dc f1 6e f7 33 9d 79 6b 9b a0 42 80 16 16    dvFkXH.?)@ym..\..1\qnw3.yk..B...
00000140: d8 5a 33 78 99 5a b8 f2 60 40 b4 31 d3 f2 b6 f4 2c 5e d4 0f ef 97 f0 6e 76 7d 9e 9f 6f 15 35 07    XZ3x.Z8r`@41Sr6t,^T.o.pnv}..o.5.
00000160: a0 35 e8 81 58 94 f2 32 99 af fa 24 37 43 af fc f7 93 20 d5 2d 13 32 05 44 b1 ff 23 78 bb 84 42    .5h.X.r2./z$7C/|w..U-.2.D1.#x;.B
00000180: 33 8d ff c7 76 0b f3 42 20 7f 1f 5c 64 0a 45 b4 e6 26 53 9b b9 8a ab 7e cb 60 76 80 70 32 77 c1    3..Gv.sB...\d.E4f&S.9.+~K`v.p2wA
000001a0: f0 50 58 74 7a 51 e2 9f 34 8a 6c 6d b7 28 81 13 63 3a ec 02 5e 0b 1c 9f d9 02 03 01 00 01 a3 82    pPXtzQb.4.lm7(..c:l.^...Y.....#.
000001c0: 01 3f 30 82 01 3b 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 1d 06 03 55 1d 0e 04 16 04 14 f6    .?0..;0...U.......0.0...U......v
000001e0: 48 db df 7d da 78 08 c3 b6 b4 72 31 68 1b 1e 0b 13 a6 0f 30 51 06 03 55 1d 23 04 4a 30 48 80 14    H[_}Zx.C64r1h....&.0Q..U.#.J0H..
00000200: f6 48 db df 7d da 78 08 c3 b6 b4 72 31 68 1b 1e 0b 13 a6 0f a1 2c a4 2a 30 28 31 12 30 10 06 03    vH[_}Zx.C64r1h....&.!,$*0(1.0...
00000220: 55 04 0a 13 09 4e 6f 64 65 4f 50 43 55 41 31 12 30 10 06 03 55 04 03 13 09 4e 6f 64 65 4f 50 43    U....NodeOPCUA1.0...U....NodeOPC
00000240: 55 41 82 02 10 1a 30 59 06 03 55 1d 11 04 52 30 50 86 2b 75 72 6e 3a 6f 70 63 75 61 64 65 6d 6f    UA....0Y..U...R0P.+urn:opcuademo
00000260: 2e 73 74 65 72 66 69 76 65 2e 63 6f 6d 3a 4e 6f 64 65 4f 50 43 55 41 2d 53 65 72 76 65 72 82 09    .sterfive.com:NodeOPCUA-Server..
00000280: 6c 6f 63 61 6c 68 6f 73 74 82 16 6f 70 63 75 61 64 65 6d 6f 2e 73 74 65 72 66 69 76 65 2e 63 6f    localhost..opcuademo.sterfive.co
000002a0: 6d 30 2c 06 09 60 86 48 01 86 f8 42 01 0d 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61    m0,..`.H..xB......OpenSSL.Genera
000002c0: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 02 fc 30    ted.Certificate0...U..........|0
000002e0: 20 06 03 55 1d 25 01 01 ff 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03    ...U.%.....0...+.........+......
00000300: 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 28 bd 1c bd 5f f3 eb a1 82 6b ea    .0...*.H.w...........(=.=_sk!.kj
00000320: 6c 06 d9 7d fe 0d 0d 3a 4b 58 8d a4 e5 e1 7a fb f7 21 e6 89 5b 39 cd b7 56 21 21 3f 56 cd 2d 33    l.Y}~..:KX.$eaz{w!f.[9M7V!!?VM-3
00000340: 85 98 c8 ce d1 b1 51 58 8a 3c cc 65 f4 e3 5f e7 c2 90 4e d4 3d ce 11 03 3c d8 ea 10 ab 42 ce 9f    ..HNQ1QX.<Letc_gB.NT=N..<Xj.+BN.
00000360: 40 0b d0 e0 fc 35 a7 bf 4f e1 6d 30 40 a6 80 b6 91 ee b4 b0 23 b5 dd 12 c9 20 ba 49 fe 8d 01 86    @.P`|5'?Oam0@&.6.n40#5].I.:I~...
00000380: ff 25 30 09 df 11 67 7c a3 b7 3b 40 c0 ba 47 3e c8 b1 a4 43 6f 3a 13 df 07 98 e0 bc f2 d2 47 d9    .%0._.g|#7;@@:G>H1$Co:._..`<rRGY
000003a0: 5e 61 d6 d1 57 7c 70 50 c9 26 6b d1 99 04 be 89 28 81 c2 c0 ef 96 4f 6c 3b 6d f3 83 d8 55 f4 b6    ^aVQW|pPI&kQ..>.(.B@o.Ol;ms.XUt6
000003c0: 1f 0d bb bb ab 23 e0 95 28 37 44 59 11 e4 da d0 d9 7f a8 10 db a7 47 6f 23 1f 13 0a b3 47 57 9a    ..;;+#`.(7DY.dZPY.(.['Go#...3GW.
000003e0: ff 55 fa 62 c3 31 3c 63 46 f2 40 65 6d af e5 23 30 a9 59 ef 67 22 50 33 11 13 9b f7 68 18 12 52    .UzbC1<cFr@em/e#0)Yog"P3...wh..R

.... ( 1045)}
securityMode                  /* MessageSecurityMode              */: SIGN ( 2)
securityPolicyUri             /* String                           */: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
userIdentityTokens            /* UserTokenPolicy               [] */: [
  { /*0*/
    policyId                  /* String                           */: usernamePassword
    tokenType                 /* EnumUserIdentityTokenType        */: USERNAME ( 1)
    issuedTokenType           /* String                           */: null
    issuerEndpointUrl         /* String                           */: null
    securityPolicyUri         /* String                           */: null
  },
  { /*1*/
    policyId                  /* String                           */: anonymous
    tokenType                 /* EnumUserIdentityTokenType        */: ANONYMOUS ( 0)
    issuedTokenType           /* String                           */: null
    issuerEndpointUrl         /* String                           */: null
    securityPolicyUri         /* String                           */: null
  }
]
transportProfileUri           /* String                           */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
securityLevel                 /* Byte                             */: 3
};
done

But if I try to use it on a OPCUA Simulation Server (https://www.prosysopc.com/products/opc-ua-simulation-server/), I get the following error:

Yes! the server support this endpoints:
{ /*EndpointDescription*/
endpointUrl                   /* String                           */: opc.tcp://Ingos-MBP.fritz.box:53530
server                        /* ApplicationDescription           */: {
  applicationUri              /* String                           */: urn:Ingos-MBP.fritz.box:OPCUA:SimulationServer
  productUri                  /* String                           */: urn:prosysopc.com:OPCUA:SimulationServer
  applicationName             /* LocalizedText                    */: locale= text=SimulationServer
  applicationType             /* ApplicationType                  */: SERVER ( 0)
  gatewayServerUri            /* String                           */: null
  discoveryProfileUri         /* String                           */: null
  discoveryUrls               /* String                        [] */: [ opc.tcp://Ingos-MBP.fritz.box:53530] (l=1)
}
serverCertificate             /* ByteString                       */
BUFFER{00000000: 30 82 04 05 30 82 02 ed a0 03 02 01 02 02 06 01 62 d3 9c 26 d8 30 0d 06 09 2a 86 48 86 f7 0d 01    0...0..m........bS.&X0...*.H.w..
00000020: 01 0b 05 00 30 59 31 19 30 17 06 03 55 04 03 0c 10 53 69 6d 75 6c 61 74 69 6f 6e 53 65 72 76 65    ....0Y1.0...U....SimulationServe
00000040: 72 31 13 30 11 06 03 55 04 0a 0c 0a 50 72 6f 73 79 73 20 4f 50 43 31 27 30 25 06 0a 09 92 26 89    r1.0...U....Prosys.OPC1'0%....&.
00000060: 93 f2 2c 64 01 19 16 17 49 6e 67 6f 73 2d 4d 61 63 42 6f 6f 6b 2d 50 72 6f 2e 6c 6f 63 61 6c 30    .r,d....Ingos-MacBook-Pro.local0
00000080: 1e 17 0d 31 38 30 34 31 37 31 31 33 37 32 38 5a 17 0d 32 38 30 34 31 34 31 32 33 37 32 38 5a 30    ...180417113728Z..280414123728Z0
000000a0: 59 31 19 30 17 06 03 55 04 03 0c 10 53 69 6d 75 6c 61 74 69 6f 6e 53 65 72 76 65 72 31 13 30 11    Y1.0...U....SimulationServer1.0.
000000c0: 06 03 55 04 0a 0c 0a 50 72 6f 73 79 73 20 4f 50 43 31 27 30 25 06 0a 09 92 26 89 93 f2 2c 64 01    ..U....Prosys.OPC1'0%....&..r,d.
000000e0: 19 16 17 49 6e 67 6f 73 2d 4d 61 63 42 6f 6f 6b 2d 50 72 6f 2e 6c 6f 63 61 6c 30 82 01 22 30 0d    ...Ingos-MacBook-Pro.local0.."0.
00000100: 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a2 69 8f bb b8    ..*.H.w...........0........"i.;8
00000120: 8c 12 6b c8 41 bc 58 75 34 6e 58 e2 fb 0a 25 8e af 4b 27 ec c7 97 7d 41 e6 7c 48 dc 92 0e dd ec    ..kHA<Xu4nXb{.%./K'lG.}Af|H\..]l
00000140: bf 88 fc a4 80 e1 47 a2 3d 85 be 83 85 7a 18 37 55 55 3f 8a 55 a4 e6 51 94 43 5e 67 bb 08 e2 ab    ?.|$.aG"=.>..z.7UU?.U$fQ.C^g;.b+
00000160: 0a 93 c3 d7 8f a2 c4 53 83 3c 3a bd 49 62 a3 89 5d 76 71 a0 ef 29 0a 20 43 78 a5 00 29 7a 5d 57    ..CW."DS.<:=Ib#.]vq.o)..Cx%.)z]W
00000180: 40 e5 e8 e7 37 ce 7a 9f d9 d1 8a 49 5f 42 24 7d 27 1f 99 fc e9 60 11 d5 b2 2d 99 32 bf a7 f9 ca    @ehg7Nz.YQ.I_B$}'..|i`.U2-.2?'yJ
000001a0: bf f1 ad 9b b9 bf c1 90 b4 fe 72 3e 93 a9 93 1e 7f 48 9c 38 3a 76 fd 34 d2 35 b9 39 86 15 f4 1f    ?q-.9?A.4~r>.)...H.8:v}4R599..t.
000001c0: 32 cf 5e e4 86 e3 f9 04 b7 68 0b d5 54 e8 cb ca 0e 01 df 45 df bb 9c 6b 31 35 62 c5 cf f0 65 a7    2O^d.cy.7h.UThKJ.._E_;.k15bEOpe'
000001e0: a5 c8 48 0a 4a 8d a1 e1 1c e1 fb 9c 2a 5e 37 26 2f 1d 2c 87 c7 25 3a fc 44 03 bb 30 94 a1 aa fb    %HH.J.!a.a{.*^7&/.,.G%:|D.;0.!*{
00000200: 64 7c 0f 64 db 4e 6d b0 84 35 d7 83 09 7a 9d f3 eb a1 cd 84 7a 70 97 84 f1 38 3d 02 03 01 00 01    d|.d[Nm0.5W..z.sk!M.zp..q8=.....
00000220: a3 81 d2 30 81 cf 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a9 84 09 5c 21 73 e4 fc 4e 0c 55 9d 12    #.R0.O0...U.#..0...)..\!sd|N.U..
00000240: b2 f8 5c 89 96 a6 ed 30 1d 06 03 55 1d 0e 04 16 04 14 a9 84 09 5c 21 73 e4 fc 4e 0c 55 9d 12 b2    2x\..&m0...U......)..\!sd|N.U..2
00000260: f8 5c 89 96 a6 ed 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 02 f4 30 1d    x\..&m0...U....0.0...U.......t0.
00000280: 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 56 06    ..U.%..0...+.........+.......0V.
000002a0: 03 55 1d 11 04 4f 30 4d 86 32 75 72 6e 3a 49 6e 67 6f 73 2d 4d 61 63 42 6f 6f 6b 2d 50 72 6f 2e    .U...O0M.2urn:Ingos-MacBook-Pro.
000002c0: 6c 6f 63 61 6c 3a 4f 50 43 55 41 3a 53 69 6d 75 6c 61 74 69 6f 6e 53 65 72 76 65 72 82 17 49 6e    local:OPCUA:SimulationServer..In
000002e0: 67 6f 73 2d 4d 61 63 42 6f 6f 6b 2d 50 72 6f 2e 6c 6f 63 61 6c 30 0d 06 09 2a 86 48 86 f7 0d 01    gos-MacBook-Pro.local0...*.H.w..
00000300: 01 0b 05 00 03 82 01 01 00 53 fa ea dd ed 2e f2 ec 25 14 f8 9c 0f 1b 3f 93 90 3f b9 de 48 b1 9d    .........Szj]m.rl%.x...?..?9^H1.
00000320: 7d 32 d7 6b 6b df f1 56 b1 06 e7 69 4e c0 c9 c9 81 fd 3d af fc c5 db 6a 2d d2 d0 d1 77 7e 46 da    }2Wkk_qV1.giN@II.}=/|E[j-RPQw~FZ
00000340: 09 ad ed 1b 50 ea 1b 7f 2a da f5 4d 02 25 ec 30 18 d7 2c 82 f2 a0 b7 fc c4 01 53 51 20 c3 20 b4    .-m.Pj..*ZuM.%l0.W,.r.7|D.SQ.C.4
00000360: 40 97 39 54 c6 0b 3e 92 ba a5 eb 15 66 43 b4 6f fe f5 57 3a fe e1 79 fa 73 5f 0b ee 3d e2 b1 f6    @.9TF.>.:%k.fC4o~uW:~ayzs_.n=b1v
00000380: 41 b1 74 d6 93 dc b9 70 7a 17 aa e4 a9 2b a6 6c dd bc a8 23 e2 22 14 ef 4e 6e ab f9 19 86 40 fb    A1tV.\9pz.*d)+&l]<(#b".oNn+y..@{
000003a0: e7 d3 be 09 18 47 51 bf 00 b7 35 99 d0 fb 1c 7f a7 0d 65 38 7e 84 9c f5 bc c2 af 29 d0 dc f6 8a    gS>..GQ?.75.P{..'.e8~..u<B/)P\v.
000003c0: 79 2d 3e 67 c4 92 ea 9f 67 29 17 3b 1a 9a 5c 26 53 62 bd 47 c5 ce 51 fb 9c b9 81 7c 56 31 87 aa    y->gD.j.g).;..\&Sb=GENQ{.9.|V1.*
000003e0: 02 fd 47 32 5c bd 24 5b 47 e3 d3 63 9a 22 72 89 6c 47 64 8a ba 0b 78 b5 60 60 30 5e d0 9f c6 44    .}G2\=$[GcSc."r.lGd.:.x5``0^P.FD

.... ( 1033)}
securityMode                  /* MessageSecurityMode              */: SIGN ( 2)
securityPolicyUri             /* String                           */: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
userIdentityTokens            /* UserTokenPolicy               [] */: [
  { /*0*/
    policyId                  /* String                           */: anonymous
    tokenType                 /* EnumUserIdentityTokenType        */: ANONYMOUS ( 0)
    issuedTokenType           /* String                           */: null
    issuerEndpointUrl         /* String                           */: null
    securityPolicyUri         /* String                           */: null
  }
]
transportProfileUri           /* String                           */: http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
securityLevel                 /* Byte                             */: 1
};
ERROR RECEIVED FROM SENDER BadSecurityChecksFailed (0x80130000) Bad_SecurityChecksFailed (code=0x80130000, description="An error occurred verifying security.")
00000000: 45 52 52 46 6f 00 00 00 00 00 13 80 5f 00 00 00 42 61 64 5f 53 65 63 75 72 69 74 79 43 68 65 63    ERRFo......._...Bad_SecurityChec
00000020: 6b 73 46 61 69 6c 65 64 20 28 63 6f 64 65 3d 30 78 38 30 31 33 30 30 30 30 2c 20 64 65 73 63 72    ksFailed.(code=0x80130000,.descr
00000040: 69 70 74 69 6f 6e 3d 22 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 20 76 65 72 69 66 79    iption="An.error.occurred.verify
00000060: 69 6e 67 20 73 65 63 75 72 69 74 79 2e 22 29                                                       ing.security.")

message was
undefined
message was 2: { /*OpenSecureChannelRequest*/
requestHeader                 /* RequestHeader                    */: {
  authenticationToken         /* NodeId                           */: ns=0;i=0
  timeStamp                   /* UtcTime                          */: 2018-06-03T20:17:27.545Z
  requestHandle               /* IntegerId                        */: 1               0x1
  returnDiagnostics           /* UInt32                           */: 0               0x0
  auditEntryId                /* UAString                         */: null
  timeoutHint                 /* UInt32                           */: 0               0x0
  additionalHeader            /* ExtensionObject                  */: null
}
clientProtocolVersion         /* UInt32                           */: 0               0x0
requestType                   /* SecurityTokenRequestType         */: ISSUE ( 0)
securityMode                  /* MessageSecurityMode              */: SIGN ( 2)
clientNonce                   /* ByteString                       */
BUFFER{00000000: 7b 08 31 37 c9 48 ef a9 1a a5 47 67 7b e2 e7 18 42 24 27 ca 04 a4 ad aa 0f 01 4d 27 18 c1 36 09    {.17IHo).%Gg{bg.B$'J.$-*..M'.A6.
}
requestedLifetime             /* UInt32                           */: 600000               0x927c0
};
ERROR RECEIVED FROM SENDER BadSecurityChecksFailed (0x80130000) Bad_SecurityChecksFailed (code=0x80130000, description="An error occurred verifying security.")
00000000: 45 52 52 46 6f 00 00 00 00 00 13 80 5f 00 00 00 42 61 64 5f 53 65 63 75 72 69 74 79 43 68 65 63    ERRFo......._...Bad_SecurityChec
00000020: 6b 73 46 61 69 6c 65 64 20 28 63 6f 64 65 3d 30 78 38 30 31 33 30 30 30 30 2c 20 64 65 73 63 72    ksFailed.(code=0x80130000,.descr
00000040: 69 70 74 69 6f 6e 3d 22 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 20 76 65 72 69 66 79    iption="An.error.occurred.verify
00000060: 69 6e 67 20 73 65 63 75 72 69 74 79 2e 22 29                                                       ing.security.")

message was
undefined
message was 2: { /*OpenSecureChannelRequest*/
requestHeader                 /* RequestHeader                    */: {
  authenticationToken         /* NodeId                           */: ns=0;i=0
  timeStamp                   /* UtcTime                          */: 2018-06-03T20:17:27.545Z
  requestHandle               /* IntegerId                        */: 1               0x1
  returnDiagnostics           /* UInt32                           */: 0               0x0
  auditEntryId                /* UAString                         */: null
  timeoutHint                 /* UInt32                           */: 0               0x0
  additionalHeader            /* ExtensionObject                  */: null
}
clientProtocolVersion         /* UInt32                           */: 0               0x0
requestType                   /* SecurityTokenRequestType         */: ISSUE ( 0)
securityMode                  /* MessageSecurityMode              */: SIGN ( 2)
clientNonce                   /* ByteString                       */
BUFFER{00000000: 7b 08 31 37 c9 48 ef a9 1a a5 47 67 7b e2 e7 18 42 24 27 ca 04 a4 ad aa 0f 01 4d 27 18 c1 36 09    {.17IHo).%Gg{bg.B$'J.$-*..M'.A6.
}
requestedLifetime             /* UInt32                           */: 600000               0x927c0
};

(node:1235) UnhandledPromiseRejectionWarning: Error: _socket has been disconnected by third party
    at ClientTCP_transport.TCP_transport._on_socket_ended_message (/Users/ingokaiser/Downloads/0/node_modules/node-opcua-transport/src/tcp_transport.js:267:18)
    at Socket.<anonymous> (/Users/ingokaiser/Downloads/0/node_modules/node-opcua-transport/src/tcp_transport.js:333:14)
    at emitNone (events.js:111:20)
    at Socket.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
(node:1235) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id:1)
(node:1235) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

This is the Server configuration:

What am I missing here?