Connection to device OPCUA

Question

I'm using one certificate with his private key, this certificate is created with this conf :

[ req ] 
default_bits = 2048 
default_md = sha256 
distinguished_name = subject 
req_extensions = req_ext 
x509_extensions = req_ext 
string_mask = utf8only 
prompt = no 
[ req_ext ] 
basicConstraints = CA:FALSE 
nsCertType = client, server 
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign 
extendedKeyUsage= serverAuth, clientAuth 
nsComment = "OpenSSL Tutorial for IRC5 OPC-UA" 
subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer 
subjectAltName = URI:urn:freeopcua:client,IP: 192.168.130.240 
[ subject ] 
countryName = SE 
stateOrProvinceName = VG 
localityName = VG 
organizationName = ABB 
commonName = opcUA

It's working with this code :

import asyncio
from asyncua import Client

async def connect_to_opcua_server():
    url = "opc.tcp://192.168.130.240:49320"
    username = "username"
    password = "password"
    policy = "Basic256Sha256"
    mode = "SignAndEncrypt"
    certificate_path = "certificate.pem"
    private_key_path = "private_key.pem"

    # create client opc ua
    client = Client(url)

    # security
    security_string = f"{policy},{mode},{certificate_path},{private_key_path}"
    
    # define security by using set_security_string
    await client.set_security_string(security_string)
    

    # authentication
    client.set_user(username)
    client.set_password(password)

    # connect to opc
    await client.connect()

    print("connected !\n")

But now, i want it to work with this code :

import asyncio
from asyncua import Client
    
async def connect_to_opcua_server():
    url = "opc.tcp://192.168.120.200:51310/CogentDataHub/DataAccess"
    username = "username"
    password = "password"
    policy = "Basic256Sha256"
    mode = "SignAndEncrypt"
    certificate_path = "certificate.pem"
    private_key_path = "private_key.pem"

    # create client opc ua
    client = Client(url)
    

    # security
    security_string = f"{policy},{mode},{certificate_path},{private_key_path}"
    
    # define security by using set_security_string
    await client.set_security_string(security_string)
    
    
    # authentication
    client.set_user(username)
    client.set_password(password)
    
    
    # connect to opc
    await client.connect()

    print("connected !\n")

The thing that is changing between those 2 codes is url, the url

"opc.tcp://192.168.120.200:51310/CogentDataHub/DataAccess"

is a device into "opc.tcp://192.168.130.240:49320"

but it's not working at all, i have this error :

asyncua.ua.uaerrors._auto.BadCertificateUriInvalid: "The URI specified in the ApplicationDescription does not match the URI in the certificate."(BadCertificateUriInvalid)

I don't have enough experience with opc ua to know why it's not working

Connection to "opc.tcp://192.168.120.200:51310/CogentDataHub/DataAccess" is working with UA Expert with the same security (Basic256Sha256, SignAndEncrypt and login/password)

Thanks for your responses :)

Answer 1

Make sure your application altname is matching the client urn:

client.application_uri = "urn:freeopcua:client"

Also maybe some server check the dns name:

subjectAltName = URI:urn:freeopcua:client,IP:192.168.130.240,DNS:Hostname