OPC UA TCP Troubleshooting

Error Messages

Bad_CertificateUriInvalid, value=0x80170000, The URI specified in the ApplicationDescription does not match the URI in the Certificate

Description

OPC UA requires the server and client to provide a certificate at the time of connection, regardless of whether security is used. The Certificate contains a SubjectAlternative name with a value of URL=urn:hostname:appname. This URL must match the URL defined in the ApplicationDescription which is also passed during the connection. Both sides must verify the certificate and ApplicationDescription match. If they don’t match the connection is closed with the above error.

Solution

  1. If HighByte is running inside of docker, make sure the docker configuration sets the hostname. Otherwise the container gets a random hostname each time it’s restarted. The certificate is cached for each run and will contain the hostname of the first run. To regenerate the certificate, delete the ‘app-certificate-private-key’ in the certificates list.
  2. Verify the URL for the client and server certificates match the hostnames.
  3. Verify there are no special characters (ex. spaces) in the URL. These must be URL encoded in the certificate (i.e. space is %20)