OPC UA Client certificate connection problem: BadCertificateUseNotAllowed

I’m using the Softing C++ UA Toolkit v5.57 to create a OPC UA client to connect to a OPC UA server.
As connecting to the server requires SSL encryption (Security mode SignAndEncrypt, Security policy Basic256Sha256) I’ve created my own self-signed certificates using OpenSSL.

This setup worked fine until a recent update to the OPC UA server which (at the minimum) changed the way its certificates are generated. I’ve already re-added my self-signed certificate to the Servers trusted certificate store, as well adding the server’s new certificate to my client’s trusted certificate store. I can successfully connect to the server using 3rd party OPC UA clients.

However no matter what I try, I get the BadCertificateUseNotAllowed error, when trying to connect my application (which worked before) to the server – turning the trace up to maximum I can see that I successfully get the endpoints, but when changing to USAGE_SESSION I run into BadCertificateUseNotAllowed. Removing the server’s certificate from my client’s trusted store yields the expected “certificate untrusted” error, re-adding it returns to the “use not allowed” error.

Looking at the error description, I could only learn that… some kind of usage was not permitted for the certificate? I have already double-checked that e.g. keyEncipherment, dataEncipherment are enabled in both certificates.

One thing I saw as a notable change is that the old certificate of the OPC UA server had it as Subject Type=CA, while the new one downgraded it to Subject Type=End Entity – but as I do not use the Server’s certificate as a CA it should not have any impact here, I think.

The Error Log is as follows:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
<code> Info Application::initialize(...)
Info Application::loadCertificate(...)
Info Application::loadPrivateKey(...)
Info Application::activateLicense(...)
Info Application::start(...)
Info FoundationStack::loadCertificate
Info Certificate loaded: 'C:/CERTIF~1/CERT_C~1.DER'
Info FoundationStack::loadPrivateKey
Info Application::getEndpointsFromServer(...)
Info Client session: 05483FF0 constructor
Info Secure channel: 00842FD8(00000000) constructor
Info Secure channel: 00842FD8(00000000) registered
Info Secure channel: 00842FD8(00000000) add Session (05483FF0) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842FD8(0540B838) opening sync
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: -1
Debug Connection info message security mode: 1
Info Endpoint idx : 0
Info EndpointUrl : 'opc.tcp://MO-CM-6:4842'
Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
Info SecurityMode : 2
Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
Info Certificate length : 917
Info Server.ServerName : 'Application 1'
Info Server.ServerUri : 'urn:OPC-UA:Application 1'
Info Server.ProductUri : 'urn:OPC-UA:Server'
Info Server.GatewayServerUri : ' -- null char* string -- '
Info Server.DiscoveryProfileUri : ' -- null char* string -- '
Info UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256
Info UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256
Info Endpoint idx : 1
Info EndpointUrl : 'opc.tcp://MO-CM-6:4842'
Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
Info SecurityMode : 3
Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
Info Certificate length : 917
Info Server.ServerName : 'Application 1'
Info Server.ServerUri : 'urn:OPC-UA:Application 1'
Info Server.ProductUri : 'urn:OPC-UA:Server'
Info Server.GatewayServerUri : ' -- null char* string -- '
Info Server.DiscoveryProfileUri : ' -- null char* string -- '
Info UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256
Info UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256
Info Secure channel: 00842FD8(0540B838) finally disconnecting sync
Info Secure channel: 00842FD8(0540B838) remove session (05483FF0) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842FD8(00000000) unregistered
Info Secure channel: 00842FD8(00000000) destructor
Info Client session: 05483FF0 destructor, secure channel: 00000000
Debug Removed SynchronizeTargetStates action
Info Update reconnect action : object state is Disconnected
Info Client session: 05522F48 constructor
Info Session::setSecurityConfiguration(...)
Info Application::addSession(...)
Info Session::isConnected(...)
Info Session::connect(...)
Info Connecting session (05522F48) reconnect: 0
Info FoundationStack::createCryptoProvider
Info Session (05522F48) doConnectDisconnect State: INIT
Info Asynchronous connect started
Debug Setting channel usage to USAGE_SESSION
Info doConnectDisconnect (session: 05522F48) getting endpoints
Debug Setting channel usage to USAGE_GETENDPOINTS
Info Secure channel: 00842678(00000000) constructor
Info Secure channel: 00842678(00000000) registered
Info Secure channel: 00842678(00000000) add Session (05522F48) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842678(0540B838) opening async
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: 917
Debug Connection info message security mode: 1
Info Secure channel: 00842678(0540B838) received stack callback (event 1)
Info Secure channel: 00842678(0540B838) connection changed to connected
Info Session : Connection status changed to: CONNECTED, status = Good
Info Session (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_OPENED
Debug : Number of scheduled work items: 1
Info Secure channel open response: Good
Debug : Number of scheduled work items: 1
Info Session (05522F48) doConnectDisconnect State: GETENDPOINTS_DONE
Info GetEndpoints response: Good
Debug Setting channel usage to USAGE_GETENDPOINTS
Info Secure channel: 00842678(0540B838) closing async for session (05522F48) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842678(0540B838) finally disconnecting async
Info Secure channel: 00842678(0540B838) received stack callback (event 2)
Info Secure channel: 00842678(0540B838) connection changed to disconnected
Info Secure channel: 00842678(0540B838) remove session (05522F48) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842678(00000000) unregistered
Info Session : Connection status changed to: DISCONNECTED, status = Good
Info postDisconnectEvent Good
Debug : Number of scheduled work items: 1
Info Session (05522F48) onDisconnectEvent Old state: Connecting
Info Secure channel: 00842678(00000000) destructor
Info Session (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED
Debug Setting channel usage to USAGE_SESSION
Info Secure channel: 00842BF0(00000000) constructor
Info Secure channel: 00842BF0(00000000) registered
Info Secure channel: 00842BF0(00000000) add Session (05522F48) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842BF0(05408238) opening async
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: 917
Debug Connection info message security mode: 3
Info Update reconnect action : object state is Connecting
Info Secure channel: 00842BF0(05408238) received stack callback (event 1)
Info Secure channel: 00842BF0(05408238) connection changed to connected
Info Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed
Debug : Number of scheduled work items: 1
Info Session (05522F48) doConnectDisconnect State: SECURE_CHANNEL_OPENED
Info Secure channel open response: BadCertificateUseNotAllowed
Info postDisconnectEvent BadCertificateUseNotAllowed
Debug : Number of scheduled work items: 1
Info (842) Session (05522F48) onDisconnectEvent Old state: Disconnecting
Info Session (05522F48) doConnectDisconnect State: SECURE_CHANNEL_CLOSED
Info Close secure channel response: BadCertificateUseNotAllowed
Info Secure channel: 00842BF0(05408238) remove session (05522F48) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842BF0(00000000) unregistered
Info Secure channel: 00842BF0(00000000) destructor
Info Update reconnect action : object state is Disconnected
Debug : Number of scheduled work items: 1
Info Update reconnect action : object state is Disconnected
Info Sending response to agent: BadCertificateUseNotAllowed
Info Connect session done, new state:Disconnected
Info Update reconnect action : object state is Disconnected
Error Error result from API call Session::connect(...) BadCertificateUseNotAllowed
Info Session::isConnected(...)
Info Application::removeSession(...)
Debug Removed SynchronizeTargetStates action
Info Session (05522F48) doConnectDisconnect State: INIT
Info Asynchronous disconnect started
Info channel already closed
Info Update reconnect action : object state is Disconnected
Debug : Number of scheduled work items: 1
Info Sending response to agent: Good
Debug Removed SynchronizeTargetStates action
Info Update reconnect action : object state is Disconnected
Info Client session: 05522F48 destructor, secure channel: 00000000
Debug Removed SynchronizeTargetStates action
Info Update reconnect action : object state is Disconnected
Info Application::getEndpointsFromServer(...)
Info Client session: 055231E8 constructor
Info Secure channel: 00842290(00000000) constructor
Info Secure channel: 00842290(00000000) registered
Info Secure channel: 00842290(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842290(0540B4F8) opening sync
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: -1
Debug Connection info message security mode: 1
Info Endpoint idx : 0
Info EndpointUrl : 'opc.tcp://MO-CM-6:4842'
Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
Info SecurityMode : 2
Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
Info Certificate length : 917
Info Server.ServerName : 'Application 1'
Info Server.ServerUri : 'urn:OPC-UA:Application 1'
Info Server.ProductUri : 'urn:OPC-UA:Server'
Info Server.GatewayServerUri : ' -- null char* string -- '
Info Server.DiscoveryProfileUri : ' -- null char* string -- '
Info UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256
Info UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256
Info Endpoint idx : 1
Info EndpointUrl : 'opc.tcp://MO-CM-6:4842'
Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
Info SecurityMode : 3
Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
Info Certificate length : 917
Info Server.ServerName : 'Application 1'
Info Server.ServerUri : 'urn:OPC-UA:Application 1'
Info Server.ProductUri : 'urn:OPC-UA:Server'
Info Server.GatewayServerUri : ' -- null char* string -- '
Info Server.DiscoveryProfileUri : ' -- null char* string -- '
Info UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256
Info UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256
Info Secure channel: 00842290(0540B4F8) finally disconnecting sync
Info Secure channel: 00842290(0540B4F8) remove session (055231E8) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842290(00000000) unregistered
Info Secure channel: 00842290(00000000) destructor
Info Client session: 055231E8 destructor, secure channel: 00000000
Debug Removed SynchronizeTargetStates action
Info Update reconnect action : object state is Disconnected
Info Client session: 055231E8 constructor
Info Session::setSecurityConfiguration(...)
Info Application::addSession(...)
Info Session::isConnected(...)
Info Session::connect(...)
Info Connecting session (055231E8) reconnect: 0
Info Session (055231E8) doConnectDisconnect State: INIT
Info Asynchronous connect started
Debug Setting channel usage to USAGE_SESSION
Info doConnectDisconnect (session: 055231E8) getting endpoints
Debug Setting channel usage to USAGE_GETENDPOINTS
Info Secure channel: 00842420(00000000) constructor
Info Secure channel: 00842420(00000000) registered
Info Secure channel: 00842420(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842420(0540B4B8) opening async
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: 917
Debug Connection info message security mode: 1
Info Secure channel: 00842420(0540B4B8) received stack callback (event 1)
Info Secure channel: 00842420(0540B4B8) connection changed to connected
Info Session : Connection status changed to: CONNECTED, status = Good
Debug : Number of scheduled work items: 1
Info Session (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_OPENED
Info Secure channel open response: Good
Debug : Number of scheduled work items: 1
Info Session (055231E8) doConnectDisconnect State: GETENDPOINTS_DONE
Info GetEndpoints response: Good
Debug Setting channel usage to USAGE_GETENDPOINTS
Info Secure channel: 00842420(0540B4B8) closing async for session (055231E8) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842420(0540B4B8) finally disconnecting async
Info Secure channel: 00842420(0540B4B8) received stack callback (event 2)
Info Secure channel: 00842420(0540B4B8) connection changed to disconnected
Info Secure channel: 00842420(0540B4B8) remove session (055231E8) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842420(00000000) unregistered
Info Session : Connection status changed to: DISCONNECTED, status = Good
Info postDisconnectEvent Good
Debug : Number of scheduled work items: 1
Info Session (055231E8) onDisconnectEvent Old state: Connecting
Info Session (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED
Debug Setting channel usage to USAGE_SESSION
Info Secure channel: 00842678(00000000) constructor
Info Secure channel: 00842420(00000000) destructor
Info Secure channel: 00842678(00000000) registered
Info Secure channel: 00842678(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
Info Secure channel: 00842678(05408538) opening async
Debug Connection info url: opc.tcp://192.168.100.100:4842/
Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
Debug Connection info client certificate length: 1386
Debug Connection info client key length: 1191
Debug Connection info server certificate length: 917
Debug Connection info message security mode: 3
Info Update reconnect action : object state is Connecting
Info Secure channel: 00842678(05408538) received stack callback (event 1)
Info Secure channel: 00842678(05408538) connection changed to connected
Info Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed
Info Session (055231E8) doConnectDisconnect State: SECURE_CHANNEL_OPENED
Info Secure channel open response: BadCertificateUseNotAllowed
Debug : Number of scheduled work items: 1
Info postDisconnectEvent BadCertificateUseNotAllowed
Debug : Number of scheduled work items: 1
Info Session (055231E8) onDisconnectEvent Old state: Disconnecting
Info Session (055231E8) doConnectDisconnect State: SECURE_CHANNEL_CLOSED
Info Close secure channel response: BadCertificateUseNotAllowed
Info Secure channel: 00842678(05408538) remove session (055231E8) to opc.tcp://192.168.100.100:4842/
Info Secure channel: 00842678(00000000) unregistered
Info Secure channel: 00842678(00000000) destructor
Info Update reconnect action : object state is Disconnected
Debug : Number of scheduled work items: 1
Info Update reconnect action : object state is Disconnected
Info Sending response to agent: BadCertificateUseNotAllowed
Info Connect session done, new state:Disconnected
Info Update reconnect action : object state is Disconnected
Error Error result from API call Session::connect(...) BadCertificateUseNotAllowed
</code>
<code> Info Application::initialize(...) Info Application::loadCertificate(...) Info Application::loadPrivateKey(...) Info Application::activateLicense(...) Info Application::start(...) Info FoundationStack::loadCertificate Info Certificate loaded: 'C:/CERTIF~1/CERT_C~1.DER' Info FoundationStack::loadPrivateKey Info Application::getEndpointsFromServer(...) Info Client session: 05483FF0 constructor Info Secure channel: 00842FD8(00000000) constructor Info Secure channel: 00842FD8(00000000) registered Info Secure channel: 00842FD8(00000000) add Session (05483FF0) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842FD8(0540B838) opening sync Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: -1 Debug Connection info message security mode: 1 Info Endpoint idx : 0 Info EndpointUrl : 'opc.tcp://MO-CM-6:4842' Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' Info SecurityMode : 2 Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' Info Certificate length : 917 Info Server.ServerName : 'Application 1' Info Server.ServerUri : 'urn:OPC-UA:Application 1' Info Server.ProductUri : 'urn:OPC-UA:Server' Info Server.GatewayServerUri : ' -- null char* string -- ' Info Server.DiscoveryProfileUri : ' -- null char* string -- ' Info UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256 Info UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256 Info Endpoint idx : 1 Info EndpointUrl : 'opc.tcp://MO-CM-6:4842' Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' Info SecurityMode : 3 Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' Info Certificate length : 917 Info Server.ServerName : 'Application 1' Info Server.ServerUri : 'urn:OPC-UA:Application 1' Info Server.ProductUri : 'urn:OPC-UA:Server' Info Server.GatewayServerUri : ' -- null char* string -- ' Info Server.DiscoveryProfileUri : ' -- null char* string -- ' Info UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256 Info UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256 Info Secure channel: 00842FD8(0540B838) finally disconnecting sync Info Secure channel: 00842FD8(0540B838) remove session (05483FF0) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842FD8(00000000) unregistered Info Secure channel: 00842FD8(00000000) destructor Info Client session: 05483FF0 destructor, secure channel: 00000000 Debug Removed SynchronizeTargetStates action Info Update reconnect action : object state is Disconnected Info Client session: 05522F48 constructor Info Session::setSecurityConfiguration(...) Info Application::addSession(...) Info Session::isConnected(...) Info Session::connect(...) Info Connecting session (05522F48) reconnect: 0 Info FoundationStack::createCryptoProvider Info Session (05522F48) doConnectDisconnect State: INIT Info Asynchronous connect started Debug Setting channel usage to USAGE_SESSION Info doConnectDisconnect (session: 05522F48) getting endpoints Debug Setting channel usage to USAGE_GETENDPOINTS Info Secure channel: 00842678(00000000) constructor Info Secure channel: 00842678(00000000) registered Info Secure channel: 00842678(00000000) add Session (05522F48) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842678(0540B838) opening async Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: 917 Debug Connection info message security mode: 1 Info Secure channel: 00842678(0540B838) received stack callback (event 1) Info Secure channel: 00842678(0540B838) connection changed to connected Info Session : Connection status changed to: CONNECTED, status = Good Info Session (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_OPENED Debug : Number of scheduled work items: 1 Info Secure channel open response: Good Debug : Number of scheduled work items: 1 Info Session (05522F48) doConnectDisconnect State: GETENDPOINTS_DONE Info GetEndpoints response: Good Debug Setting channel usage to USAGE_GETENDPOINTS Info Secure channel: 00842678(0540B838) closing async for session (05522F48) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842678(0540B838) finally disconnecting async Info Secure channel: 00842678(0540B838) received stack callback (event 2) Info Secure channel: 00842678(0540B838) connection changed to disconnected Info Secure channel: 00842678(0540B838) remove session (05522F48) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842678(00000000) unregistered Info Session : Connection status changed to: DISCONNECTED, status = Good Info postDisconnectEvent Good Debug : Number of scheduled work items: 1 Info Session (05522F48) onDisconnectEvent Old state: Connecting Info Secure channel: 00842678(00000000) destructor Info Session (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED Debug Setting channel usage to USAGE_SESSION Info Secure channel: 00842BF0(00000000) constructor Info Secure channel: 00842BF0(00000000) registered Info Secure channel: 00842BF0(00000000) add Session (05522F48) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842BF0(05408238) opening async Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: 917 Debug Connection info message security mode: 3 Info Update reconnect action : object state is Connecting Info Secure channel: 00842BF0(05408238) received stack callback (event 1) Info Secure channel: 00842BF0(05408238) connection changed to connected Info Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed Debug : Number of scheduled work items: 1 Info Session (05522F48) doConnectDisconnect State: SECURE_CHANNEL_OPENED Info Secure channel open response: BadCertificateUseNotAllowed Info postDisconnectEvent BadCertificateUseNotAllowed Debug : Number of scheduled work items: 1 Info (842) Session (05522F48) onDisconnectEvent Old state: Disconnecting Info Session (05522F48) doConnectDisconnect State: SECURE_CHANNEL_CLOSED Info Close secure channel response: BadCertificateUseNotAllowed Info Secure channel: 00842BF0(05408238) remove session (05522F48) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842BF0(00000000) unregistered Info Secure channel: 00842BF0(00000000) destructor Info Update reconnect action : object state is Disconnected Debug : Number of scheduled work items: 1 Info Update reconnect action : object state is Disconnected Info Sending response to agent: BadCertificateUseNotAllowed Info Connect session done, new state:Disconnected Info Update reconnect action : object state is Disconnected Error Error result from API call Session::connect(...) BadCertificateUseNotAllowed Info Session::isConnected(...) Info Application::removeSession(...) Debug Removed SynchronizeTargetStates action Info Session (05522F48) doConnectDisconnect State: INIT Info Asynchronous disconnect started Info channel already closed Info Update reconnect action : object state is Disconnected Debug : Number of scheduled work items: 1 Info Sending response to agent: Good Debug Removed SynchronizeTargetStates action Info Update reconnect action : object state is Disconnected Info Client session: 05522F48 destructor, secure channel: 00000000 Debug Removed SynchronizeTargetStates action Info Update reconnect action : object state is Disconnected Info Application::getEndpointsFromServer(...) Info Client session: 055231E8 constructor Info Secure channel: 00842290(00000000) constructor Info Secure channel: 00842290(00000000) registered Info Secure channel: 00842290(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842290(0540B4F8) opening sync Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: -1 Debug Connection info message security mode: 1 Info Endpoint idx : 0 Info EndpointUrl : 'opc.tcp://MO-CM-6:4842' Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' Info SecurityMode : 2 Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' Info Certificate length : 917 Info Server.ServerName : 'Application 1' Info Server.ServerUri : 'urn:OPC-UA:Application 1' Info Server.ProductUri : 'urn:OPC-UA:Server' Info Server.GatewayServerUri : ' -- null char* string -- ' Info Server.DiscoveryProfileUri : ' -- null char* string -- ' Info UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256 Info UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256 Info Endpoint idx : 1 Info EndpointUrl : 'opc.tcp://MO-CM-6:4842' Info SecurityPolicyUri : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' Info SecurityMode : 3 Info TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary' Info Certificate length : 917 Info Server.ServerName : 'Application 1' Info Server.ServerUri : 'urn:OPC-UA:Application 1' Info Server.ProductUri : 'urn:OPC-UA:Server' Info Server.GatewayServerUri : ' -- null char* string -- ' Info Server.DiscoveryProfileUri : ' -- null char* string -- ' Info UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256 Info UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256 Info Secure channel: 00842290(0540B4F8) finally disconnecting sync Info Secure channel: 00842290(0540B4F8) remove session (055231E8) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842290(00000000) unregistered Info Secure channel: 00842290(00000000) destructor Info Client session: 055231E8 destructor, secure channel: 00000000 Debug Removed SynchronizeTargetStates action Info Update reconnect action : object state is Disconnected Info Client session: 055231E8 constructor Info Session::setSecurityConfiguration(...) Info Application::addSession(...) Info Session::isConnected(...) Info Session::connect(...) Info Connecting session (055231E8) reconnect: 0 Info Session (055231E8) doConnectDisconnect State: INIT Info Asynchronous connect started Debug Setting channel usage to USAGE_SESSION Info doConnectDisconnect (session: 055231E8) getting endpoints Debug Setting channel usage to USAGE_GETENDPOINTS Info Secure channel: 00842420(00000000) constructor Info Secure channel: 00842420(00000000) registered Info Secure channel: 00842420(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842420(0540B4B8) opening async Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: 917 Debug Connection info message security mode: 1 Info Secure channel: 00842420(0540B4B8) received stack callback (event 1) Info Secure channel: 00842420(0540B4B8) connection changed to connected Info Session : Connection status changed to: CONNECTED, status = Good Debug : Number of scheduled work items: 1 Info Session (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_OPENED Info Secure channel open response: Good Debug : Number of scheduled work items: 1 Info Session (055231E8) doConnectDisconnect State: GETENDPOINTS_DONE Info GetEndpoints response: Good Debug Setting channel usage to USAGE_GETENDPOINTS Info Secure channel: 00842420(0540B4B8) closing async for session (055231E8) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842420(0540B4B8) finally disconnecting async Info Secure channel: 00842420(0540B4B8) received stack callback (event 2) Info Secure channel: 00842420(0540B4B8) connection changed to disconnected Info Secure channel: 00842420(0540B4B8) remove session (055231E8) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842420(00000000) unregistered Info Session : Connection status changed to: DISCONNECTED, status = Good Info postDisconnectEvent Good Debug : Number of scheduled work items: 1 Info Session (055231E8) onDisconnectEvent Old state: Connecting Info Session (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED Debug Setting channel usage to USAGE_SESSION Info Secure channel: 00842678(00000000) constructor Info Secure channel: 00842420(00000000) destructor Info Secure channel: 00842678(00000000) registered Info Secure channel: 00842678(00000000) add Session (055231E8) to opc.tcp://192.168.100.100:4842/ [0] Info Secure channel: 00842678(05408538) opening async Debug Connection info url: opc.tcp://192.168.100.100:4842/ Debug Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 Debug Connection info client certificate length: 1386 Debug Connection info client key length: 1191 Debug Connection info server certificate length: 917 Debug Connection info message security mode: 3 Info Update reconnect action : object state is Connecting Info Secure channel: 00842678(05408538) received stack callback (event 1) Info Secure channel: 00842678(05408538) connection changed to connected Info Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed Info Session (055231E8) doConnectDisconnect State: SECURE_CHANNEL_OPENED Info Secure channel open response: BadCertificateUseNotAllowed Debug : Number of scheduled work items: 1 Info postDisconnectEvent BadCertificateUseNotAllowed Debug : Number of scheduled work items: 1 Info Session (055231E8) onDisconnectEvent Old state: Disconnecting Info Session (055231E8) doConnectDisconnect State: SECURE_CHANNEL_CLOSED Info Close secure channel response: BadCertificateUseNotAllowed Info Secure channel: 00842678(05408538) remove session (055231E8) to opc.tcp://192.168.100.100:4842/ Info Secure channel: 00842678(00000000) unregistered Info Secure channel: 00842678(00000000) destructor Info Update reconnect action : object state is Disconnected Debug : Number of scheduled work items: 1 Info Update reconnect action : object state is Disconnected Info Sending response to agent: BadCertificateUseNotAllowed Info Connect session done, new state:Disconnected Info Update reconnect action : object state is Disconnected Error Error result from API call Session::connect(...) BadCertificateUseNotAllowed </code>
 Info   Application::initialize(...) 
 Info   Application::loadCertificate(...) 
 Info   Application::loadPrivateKey(...) 
 Info   Application::activateLicense(...) 
 Info   Application::start(...) 
 Info   FoundationStack::loadCertificate
 Info   Certificate loaded: 'C:/CERTIF~1/CERT_C~1.DER'
 Info   FoundationStack::loadPrivateKey
 Info   Application::getEndpointsFromServer(...) 
 Info   Client session: 05483FF0 constructor
 Info   Secure channel: 00842FD8(00000000) constructor
 Info   Secure channel: 00842FD8(00000000) registered
 Info   Secure channel: 00842FD8(00000000) add Session  (05483FF0) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842FD8(0540B838) opening sync
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: -1
 Debug  Connection info message security mode: 1
 Info   Endpoint idx        : 0
 Info   EndpointUrl         : 'opc.tcp://MO-CM-6:4842'
 Info   SecurityPolicyUri   : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
 Info   SecurityMode        : 2
 Info   TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
 Info   Certificate length  : 917
 Info   Server.ServerName          : 'Application 1'
 Info   Server.ServerUri           : 'urn:OPC-UA:Application 1'
 Info   Server.ProductUri          : 'urn:OPC-UA:Server'
 Info   Server.GatewayServerUri    : ' -- null char* string -- '
 Info   Server.DiscoveryProfileUri : ' -- null char* string -- '
 Info   UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256
 Info   UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256
 Info   Endpoint idx        : 1
 Info   EndpointUrl         : 'opc.tcp://MO-CM-6:4842'
 Info   SecurityPolicyUri   : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
 Info   SecurityMode        : 3
 Info   TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
 Info   Certificate length  : 917
 Info   Server.ServerName          : 'Application 1'
 Info   Server.ServerUri           : 'urn:OPC-UA:Application 1'
 Info   Server.ProductUri          : 'urn:OPC-UA:Server'
 Info   Server.GatewayServerUri    : ' -- null char* string -- '
 Info   Server.DiscoveryProfileUri : ' -- null char* string -- '
 Info   UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256
 Info   UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256
 Info   Secure channel: 00842FD8(0540B838) finally disconnecting sync
 Info   Secure channel: 00842FD8(0540B838) remove session  (05483FF0) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842FD8(00000000) unregistered
 Info   Secure channel: 00842FD8(00000000) destructor
 Info   Client session: 05483FF0 destructor, secure channel: 00000000
 Debug  Removed SynchronizeTargetStates action
 Info   Update reconnect action : object state is Disconnected
 Info   Client session: 05522F48 constructor
 Info   Session::setSecurityConfiguration(...) 
 Info   Application::addSession(...) 
 Info   Session::isConnected(...) 
 Info   Session::connect(...) 
 Info   Connecting session (05522F48) reconnect: 0
 Info   FoundationStack::createCryptoProvider
 Info   Session  (05522F48) doConnectDisconnect State: INIT
 Info   Asynchronous connect started
 Debug  Setting channel usage to USAGE_SESSION
 Info   doConnectDisconnect (session: 05522F48) getting endpoints
 Debug  Setting channel usage to USAGE_GETENDPOINTS
 Info   Secure channel: 00842678(00000000) constructor
 Info   Secure channel: 00842678(00000000) registered
 Info   Secure channel: 00842678(00000000) add Session  (05522F48) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842678(0540B838) opening async
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: 917
 Debug  Connection info message security mode: 1
 Info   Secure channel: 00842678(0540B838) received stack callback (event 1)
 Info   Secure channel: 00842678(0540B838) connection changed to connected
 Info   Session : Connection status changed to: CONNECTED, status = Good
 Info   Session  (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_OPENED
 Debug  : Number of scheduled work items: 1
 Info   Secure channel open response: Good
 Debug  : Number of scheduled work items: 1
 Info   Session  (05522F48) doConnectDisconnect State: GETENDPOINTS_DONE
 Info   GetEndpoints response: Good
 Debug  Setting channel usage to USAGE_GETENDPOINTS
 Info   Secure channel: 00842678(0540B838) closing async for session  (05522F48) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842678(0540B838) finally disconnecting async
 Info   Secure channel: 00842678(0540B838) received stack callback (event 2)
 Info   Secure channel: 00842678(0540B838) connection changed to disconnected
 Info   Secure channel: 00842678(0540B838) remove session  (05522F48) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842678(00000000) unregistered
 Info   Session : Connection status changed to: DISCONNECTED, status = Good
 Info   postDisconnectEvent Good
 Debug  : Number of scheduled work items: 1
 Info   Session  (05522F48) onDisconnectEvent Old state: Connecting
 Info   Secure channel: 00842678(00000000) destructor
 Info   Session  (05522F48) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED
 Debug  Setting channel usage to USAGE_SESSION
 Info   Secure channel: 00842BF0(00000000) constructor
 Info   Secure channel: 00842BF0(00000000) registered
 Info   Secure channel: 00842BF0(00000000) add Session  (05522F48) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842BF0(05408238) opening async
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: 917
 Debug  Connection info message security mode: 3
 Info   Update reconnect action : object state is Connecting
 Info   Secure channel: 00842BF0(05408238) received stack callback (event 1)
 Info   Secure channel: 00842BF0(05408238) connection changed to connected
 Info   Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed
 Debug  : Number of scheduled work items: 1
 Info   Session  (05522F48) doConnectDisconnect State: SECURE_CHANNEL_OPENED
 Info   Secure channel open response: BadCertificateUseNotAllowed
 Info   postDisconnectEvent BadCertificateUseNotAllowed
 Debug  : Number of scheduled work items: 1
 Info   (842) Session  (05522F48) onDisconnectEvent Old state: Disconnecting
 Info   Session  (05522F48) doConnectDisconnect State: SECURE_CHANNEL_CLOSED
 Info   Close secure channel response: BadCertificateUseNotAllowed
 Info   Secure channel: 00842BF0(05408238) remove session  (05522F48) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842BF0(00000000) unregistered
 Info   Secure channel: 00842BF0(00000000) destructor
 Info   Update reconnect action : object state is Disconnected
 Debug  : Number of scheduled work items: 1
 Info   Update reconnect action : object state is Disconnected
 Info   Sending response to agent: BadCertificateUseNotAllowed
 Info   Connect session done, new state:Disconnected
 Info   Update reconnect action : object state is Disconnected
 Error  Error result from API call Session::connect(...) BadCertificateUseNotAllowed
 Info   Session::isConnected(...) 
 Info   Application::removeSession(...) 
 Debug  Removed SynchronizeTargetStates action
 Info   Session  (05522F48) doConnectDisconnect State: INIT
 Info   Asynchronous disconnect started
 Info   channel already closed
 Info   Update reconnect action : object state is Disconnected
 Debug  : Number of scheduled work items: 1
 Info   Sending response to agent: Good
 Debug  Removed SynchronizeTargetStates action
 Info   Update reconnect action : object state is Disconnected
 Info   Client session: 05522F48 destructor, secure channel: 00000000
 Debug  Removed SynchronizeTargetStates action
 Info   Update reconnect action : object state is Disconnected
 Info   Application::getEndpointsFromServer(...) 
 Info   Client session: 055231E8 constructor
 Info   Secure channel: 00842290(00000000) constructor
 Info   Secure channel: 00842290(00000000) registered
 Info   Secure channel: 00842290(00000000) add Session  (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842290(0540B4F8) opening sync
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: -1
 Debug  Connection info message security mode: 1
 Info   Endpoint idx        : 0
 Info   EndpointUrl         : 'opc.tcp://MO-CM-6:4842'
 Info   SecurityPolicyUri   : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
 Info   SecurityMode        : 2
 Info   TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
 Info   Certificate length  : 917
 Info   Server.ServerName          : 'Application 1'
 Info   Server.ServerUri           : 'urn:OPC-UA:Application 1'
 Info   Server.ProductUri          : 'urn:OPC-UA:Server'
 Info   Server.GatewayServerUri    : ' -- null char* string -- '
 Info   Server.DiscoveryProfileUri : ' -- null char* string -- '
 Info   UserIdentity token policy id : open62541-certificate-policy-sign#Basic256Sha256
 Info   UserIdentity token policy id : open62541-username-policy-sign#Basic256Sha256
 Info   Endpoint idx        : 1
 Info   EndpointUrl         : 'opc.tcp://MO-CM-6:4842'
 Info   SecurityPolicyUri   : 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
 Info   SecurityMode        : 3
 Info   TransportProfileUri : 'http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary'
 Info   Certificate length  : 917
 Info   Server.ServerName          : 'Application 1'
 Info   Server.ServerUri           : 'urn:OPC-UA:Application 1'
 Info   Server.ProductUri          : 'urn:OPC-UA:Server'
 Info   Server.GatewayServerUri    : ' -- null char* string -- '
 Info   Server.DiscoveryProfileUri : ' -- null char* string -- '
 Info   UserIdentity token policy id : open62541-certificate-policy-sign+encrypt#Basic256Sha256
 Info   UserIdentity token policy id : open62541-username-policy-sign+encrypt#Basic256Sha256
 Info   Secure channel: 00842290(0540B4F8) finally disconnecting sync
 Info   Secure channel: 00842290(0540B4F8) remove session  (055231E8) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842290(00000000) unregistered
 Info   Secure channel: 00842290(00000000) destructor
 Info   Client session: 055231E8 destructor, secure channel: 00000000
 Debug  Removed SynchronizeTargetStates action
 Info   Update reconnect action : object state is Disconnected
 Info   Client session: 055231E8 constructor
 Info   Session::setSecurityConfiguration(...) 
 Info   Application::addSession(...) 
 Info   Session::isConnected(...) 
 Info   Session::connect(...) 
 Info   Connecting session (055231E8) reconnect: 0
 Info   Session  (055231E8) doConnectDisconnect State: INIT
 Info   Asynchronous connect started
 Debug  Setting channel usage to USAGE_SESSION
 Info   doConnectDisconnect (session: 055231E8) getting endpoints
 Debug  Setting channel usage to USAGE_GETENDPOINTS
 Info   Secure channel: 00842420(00000000) constructor
 Info   Secure channel: 00842420(00000000) registered
 Info   Secure channel: 00842420(00000000) add Session  (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842420(0540B4B8) opening async
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#None
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: 917
 Debug  Connection info message security mode: 1
 Info   Secure channel: 00842420(0540B4B8) received stack callback (event 1)
 Info   Secure channel: 00842420(0540B4B8) connection changed to connected
 Info   Session : Connection status changed to: CONNECTED, status = Good
 Debug  : Number of scheduled work items: 1
 Info   Session  (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_OPENED
 Info   Secure channel open response: Good
 Debug  : Number of scheduled work items: 1
 Info   Session  (055231E8) doConnectDisconnect State: GETENDPOINTS_DONE
 Info   GetEndpoints response: Good
 Debug  Setting channel usage to USAGE_GETENDPOINTS
 Info   Secure channel: 00842420(0540B4B8) closing async for session  (055231E8) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842420(0540B4B8) finally disconnecting async
 Info   Secure channel: 00842420(0540B4B8) received stack callback (event 2)
 Info   Secure channel: 00842420(0540B4B8) connection changed to disconnected
 Info   Secure channel: 00842420(0540B4B8) remove session  (055231E8) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842420(00000000) unregistered
 Info   Session : Connection status changed to: DISCONNECTED, status = Good
 Info   postDisconnectEvent Good
 Debug  : Number of scheduled work items: 1
 Info   Session  (055231E8) onDisconnectEvent Old state: Connecting
 Info   Session  (055231E8) doConnectDisconnect State: INSECURE_CHANNEL_CLOSED
 Debug  Setting channel usage to USAGE_SESSION
 Info   Secure channel: 00842678(00000000) constructor
 Info   Secure channel: 00842420(00000000) destructor
 Info   Secure channel: 00842678(00000000) registered
 Info   Secure channel: 00842678(00000000) add Session  (055231E8) to opc.tcp://192.168.100.100:4842/ [0]
 Info   Secure channel: 00842678(05408538) opening async
 Debug  Connection info url: opc.tcp://192.168.100.100:4842/
 Debug  Connection info securityPolicy: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
 Debug  Connection info client certificate length: 1386
 Debug  Connection info client key length: 1191
 Debug  Connection info server certificate length: 917
 Debug  Connection info message security mode: 3
 Info   Update reconnect action : object state is Connecting
 Info   Secure channel: 00842678(05408538) received stack callback (event 1)
 Info   Secure channel: 00842678(05408538) connection changed to connected
 Info   Session : Connection status changed to: CONNECTED, status = BadCertificateUseNotAllowed
 Info   Session  (055231E8) doConnectDisconnect State: SECURE_CHANNEL_OPENED
 Info   Secure channel open response: BadCertificateUseNotAllowed
 Debug  : Number of scheduled work items: 1
 Info   postDisconnectEvent BadCertificateUseNotAllowed
 Debug  : Number of scheduled work items: 1
 Info   Session  (055231E8) onDisconnectEvent Old state: Disconnecting
 Info   Session  (055231E8) doConnectDisconnect State: SECURE_CHANNEL_CLOSED
 Info   Close secure channel response: BadCertificateUseNotAllowed
 Info   Secure channel: 00842678(05408538) remove session  (055231E8) to opc.tcp://192.168.100.100:4842/
 Info   Secure channel: 00842678(00000000) unregistered
 Info   Secure channel: 00842678(00000000) destructor
 Info   Update reconnect action : object state is Disconnected
 Debug  : Number of scheduled work items: 1
 Info   Update reconnect action : object state is Disconnected
 Info   Sending response to agent: BadCertificateUseNotAllowed
 Info   Connect session done, new state:Disconnected
 Info   Update reconnect action : object state is Disconnected
 Error  Error result from API call Session::connect(...) BadCertificateUseNotAllowed

This question is a longshot, I know, but maybe someone else has an idea where I might look next to resolve it.

Here’s the openssl x509 -inform der for me certificate:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
<code>Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC
Validity
Not Before: Sep 9 13:10:30 2024 GMT
Not After : Sep 11 13:10:30 2123 GMT
Subject: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:ce:70:8d:4c:10:2c:ff:73:72:26:75:6a:95:
a5:96:b5:3a:87:02:18:28:1b:38:4c:c9:0d:61:34:
22:5e:e9:78:f2:6c:d4:e2:af:ef:c1:96:20:35:35:
be:59:14:e2:00:ed:47:63:72:1e:a2:d8:8e:1e:88:
fb:64:87:8b:f2:b8:d3:c7:31:3d:53:1c:3a:79:07:
db:4c:35:a4:7e:73:69:68:b7:ef:6a:92:cd:da:6d:
ae:ec:76:1a:31:60:62:c6:e8:ec:db:ad:3a:ee:de:
fb:92:75:1c:41:09:fe:3f:8f:f4:e0:76:e9:ef:30:
8a:4a:8a:81:86:68:1c:9b:a2:ac:75:fd:ef:fb:6e:
a5:aa:82:3e:48:22:12:5f:7b:d7:04:a4:29:5b:63:
94:f6:a7:46:73:09:5f:86:a8:ab:af:1a:6f:2c:f7:
55:30:4a:2c:2b:03:a0:77:d9:50:f1:32:c8:68:37:
86:1f:41:b7:42:03:bf:09:ef:98:c6:84:d0:90:29:
2d:40:1e:4d:85:d6:ba:8c:e0:12:d9:18:d8:41:b9:
98:83:af:c2:a7:25:9a:21:e2:82:67:48:54:f7:95:
51:da:7f:4c:85:2a:cf:f3:a8:3e:c5:8e:30:a2:a8:
22:32:79:c2:83:05:82:5d:98:37:eb:bc:73:44:ad:
a6:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F
X509v3 Authority Key Identifier:
keyid:E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F
DirName:/O=My Company/OU=IA/CN=MyApplication/DC=MY-PC
serial:00
X509v3 Subject Alternative Name:
URI:urn:MY-PC/MyApplication
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
10:a4:37:0f:cd:c2:cf:94:20:f8:ba:80:24:92:9c:55:77:90:
e2:6b:66:fc:2e:64:ab:6b:67:a6:0c:ab:0a:42:69:0e:67:42:
22:20:f2:73:cc:83:56:fe:9f:65:8d:fb:7e:9a:7f:b9:01:b1:
0a:d4:71:77:58:ed:81:60:f0:f4:45:55:75:12:7a:34:00:8c:
1e:2d:95:8e:a0:7f:f7:b9:6d:0f:77:9e:be:67:6b:47:20:1e:
cf:30:d8:6a:55:a5:4c:b2:5e:5e:65:81:ab:f7:22:d7:09:9f:
3a:ce:4f:f7:b5:39:ef:5d:a5:99:5e:ba:67:08:76:5e:78:33:
d7:37:56:57:87:60:8e:0e:78:f7:45:c1:ca:68:5a:d5:99:6e:
2d:12:a1:d3:ec:e1:d6:35:2c:3b:bc:8e:08:b3:33:c4:6f:2a:
7a:d7:e5:d3:0c:68:b0:6f:f0:91:5c:f9:f4:bc:fe:b6:4b:79:
5d:23:0b:1d:48:57:1b:cb:8c:dd:33:f7:f0:af:df:07:1b:ed:
9d:fd:0b:f5:27:56:28:e1:d2:9b:a2:22:68:9b:ce:45:34:cb:
2d:58:f7:d7:32:d9:63:d9:d0:75:01:fb:b4:a1:3a:59:b8:e0:
c8:6f:80:db:91:27:3a:ad:34:7b:3f:8d:5f:de:30:29:18:41:
47:7e:0a:b8
</code>
<code>Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC Validity Not Before: Sep 9 13:10:30 2024 GMT Not After : Sep 11 13:10:30 2123 GMT Subject: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ef:ce:70:8d:4c:10:2c:ff:73:72:26:75:6a:95: a5:96:b5:3a:87:02:18:28:1b:38:4c:c9:0d:61:34: 22:5e:e9:78:f2:6c:d4:e2:af:ef:c1:96:20:35:35: be:59:14:e2:00:ed:47:63:72:1e:a2:d8:8e:1e:88: fb:64:87:8b:f2:b8:d3:c7:31:3d:53:1c:3a:79:07: db:4c:35:a4:7e:73:69:68:b7:ef:6a:92:cd:da:6d: ae:ec:76:1a:31:60:62:c6:e8:ec:db:ad:3a:ee:de: fb:92:75:1c:41:09:fe:3f:8f:f4:e0:76:e9:ef:30: 8a:4a:8a:81:86:68:1c:9b:a2:ac:75:fd:ef:fb:6e: a5:aa:82:3e:48:22:12:5f:7b:d7:04:a4:29:5b:63: 94:f6:a7:46:73:09:5f:86:a8:ab:af:1a:6f:2c:f7: 55:30:4a:2c:2b:03:a0:77:d9:50:f1:32:c8:68:37: 86:1f:41:b7:42:03:bf:09:ef:98:c6:84:d0:90:29: 2d:40:1e:4d:85:d6:ba:8c:e0:12:d9:18:d8:41:b9: 98:83:af:c2:a7:25:9a:21:e2:82:67:48:54:f7:95: 51:da:7f:4c:85:2a:cf:f3:a8:3e:c5:8e:30:a2:a8: 22:32:79:c2:83:05:82:5d:98:37:eb:bc:73:44:ad: a6:4d Exponent: 65537 (0x10001) X509v3 extensions: Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F X509v3 Authority Key Identifier: keyid:E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F DirName:/O=My Company/OU=IA/CN=MyApplication/DC=MY-PC serial:00 X509v3 Subject Alternative Name: URI:urn:MY-PC/MyApplication X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Certificate Sign, CRL Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption 10:a4:37:0f:cd:c2:cf:94:20:f8:ba:80:24:92:9c:55:77:90: e2:6b:66:fc:2e:64:ab:6b:67:a6:0c:ab:0a:42:69:0e:67:42: 22:20:f2:73:cc:83:56:fe:9f:65:8d:fb:7e:9a:7f:b9:01:b1: 0a:d4:71:77:58:ed:81:60:f0:f4:45:55:75:12:7a:34:00:8c: 1e:2d:95:8e:a0:7f:f7:b9:6d:0f:77:9e:be:67:6b:47:20:1e: cf:30:d8:6a:55:a5:4c:b2:5e:5e:65:81:ab:f7:22:d7:09:9f: 3a:ce:4f:f7:b5:39:ef:5d:a5:99:5e:ba:67:08:76:5e:78:33: d7:37:56:57:87:60:8e:0e:78:f7:45:c1:ca:68:5a:d5:99:6e: 2d:12:a1:d3:ec:e1:d6:35:2c:3b:bc:8e:08:b3:33:c4:6f:2a: 7a:d7:e5:d3:0c:68:b0:6f:f0:91:5c:f9:f4:bc:fe:b6:4b:79: 5d:23:0b:1d:48:57:1b:cb:8c:dd:33:f7:f0:af:df:07:1b:ed: 9d:fd:0b:f5:27:56:28:e1:d2:9b:a2:22:68:9b:ce:45:34:cb: 2d:58:f7:d7:32:d9:63:d9:d0:75:01:fb:b4:a1:3a:59:b8:e0: c8:6f:80:db:91:27:3a:ad:34:7b:3f:8d:5f:de:30:29:18:41: 47:7e:0a:b8 </code>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC
        Validity
            Not Before: Sep  9 13:10:30 2024 GMT
            Not After : Sep 11 13:10:30 2123 GMT
        Subject: O = My Company, OU = IA, CN = MyApplication, DC = MY-PC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ce:70:8d:4c:10:2c:ff:73:72:26:75:6a:95:
                    a5:96:b5:3a:87:02:18:28:1b:38:4c:c9:0d:61:34:
                    22:5e:e9:78:f2:6c:d4:e2:af:ef:c1:96:20:35:35:
                    be:59:14:e2:00:ed:47:63:72:1e:a2:d8:8e:1e:88:
                    fb:64:87:8b:f2:b8:d3:c7:31:3d:53:1c:3a:79:07:
                    db:4c:35:a4:7e:73:69:68:b7:ef:6a:92:cd:da:6d:
                    ae:ec:76:1a:31:60:62:c6:e8:ec:db:ad:3a:ee:de:
                    fb:92:75:1c:41:09:fe:3f:8f:f4:e0:76:e9:ef:30:
                    8a:4a:8a:81:86:68:1c:9b:a2:ac:75:fd:ef:fb:6e:
                    a5:aa:82:3e:48:22:12:5f:7b:d7:04:a4:29:5b:63:
                    94:f6:a7:46:73:09:5f:86:a8:ab:af:1a:6f:2c:f7:
                    55:30:4a:2c:2b:03:a0:77:d9:50:f1:32:c8:68:37:
                    86:1f:41:b7:42:03:bf:09:ef:98:c6:84:d0:90:29:
                    2d:40:1e:4d:85:d6:ba:8c:e0:12:d9:18:d8:41:b9:
                    98:83:af:c2:a7:25:9a:21:e2:82:67:48:54:f7:95:
                    51:da:7f:4c:85:2a:cf:f3:a8:3e:c5:8e:30:a2:a8:
                    22:32:79:c2:83:05:82:5d:98:37:eb:bc:73:44:ad:
                    a6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F
            X509v3 Authority Key Identifier: 
                keyid:E1:97:EC:D9:63:07:2F:4A:E6:37:CF:39:98:1F:8E:3C:08:47:BE:2F
                DirName:/O=My Company/OU=IA/CN=MyApplication/DC=MY-PC
                serial:00

            X509v3 Subject Alternative Name: 
                URI:urn:MY-PC/MyApplication
            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
    Signature Algorithm: sha256WithRSAEncryption
         10:a4:37:0f:cd:c2:cf:94:20:f8:ba:80:24:92:9c:55:77:90:
         e2:6b:66:fc:2e:64:ab:6b:67:a6:0c:ab:0a:42:69:0e:67:42:
         22:20:f2:73:cc:83:56:fe:9f:65:8d:fb:7e:9a:7f:b9:01:b1:
         0a:d4:71:77:58:ed:81:60:f0:f4:45:55:75:12:7a:34:00:8c:
         1e:2d:95:8e:a0:7f:f7:b9:6d:0f:77:9e:be:67:6b:47:20:1e:
         cf:30:d8:6a:55:a5:4c:b2:5e:5e:65:81:ab:f7:22:d7:09:9f:
         3a:ce:4f:f7:b5:39:ef:5d:a5:99:5e:ba:67:08:76:5e:78:33:
         d7:37:56:57:87:60:8e:0e:78:f7:45:c1:ca:68:5a:d5:99:6e:
         2d:12:a1:d3:ec:e1:d6:35:2c:3b:bc:8e:08:b3:33:c4:6f:2a:
         7a:d7:e5:d3:0c:68:b0:6f:f0:91:5c:f9:f4:bc:fe:b6:4b:79:
         5d:23:0b:1d:48:57:1b:cb:8c:dd:33:f7:f0:af:df:07:1b:ed:
         9d:fd:0b:f5:27:56:28:e1:d2:9b:a2:22:68:9b:ce:45:34:cb:
         2d:58:f7:d7:32:d9:63:d9:d0:75:01:fb:b4:a1:3a:59:b8:e0:
         c8:6f:80:db:91:27:3a:ad:34:7b:3f:8d:5f:de:30:29:18:41:
         47:7e:0a:b8

2

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
<code> X509v3 Basic Constraints:
CA:TRUE
</code>
<code> X509v3 Basic Constraints: CA:TRUE </code>
        X509v3 Basic Constraints: 
           CA:TRUE

This may be your issue.

Have a look at https://reference.opcfoundation.org/Core/Part6/v105/docs/6.2.2 to get an idea of what’s required of your application instance certificate.

In particular:

The cA flag shall be FALSE for any ApplicationInstance Certificate, however, TRUE shall be accepted to ensure backward interoperability when validating ApplicationInstance Certificates, if revocation checks are enabled. If revocation checks are disabled then a Certificate with the cA flag set to TRUE should not be accepted. It should be possible to disable backward interoperability in configuration.

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa Dịch vụ tổ chức sự kiện 5 sao Thông tin về chúng tôi Dịch vụ sinh nhật bé trai Dịch vụ sinh nhật bé gái Sự kiện trọn gói Các tiết mục giải trí Dịch vụ bổ trợ Tiệc cưới sang trọng Dịch vụ khai trương Tư vấn tổ chức sự kiện Hình ảnh sự kiện Cập nhật tin tức Liên hệ ngay Thuê chú hề chuyên nghiệp Tiệc tất niên cho công ty Trang trí tiệc cuối năm Tiệc tất niên độc đáo Sinh nhật bé Hải Đăng Sinh nhật đáng yêu bé Khánh Vân Sinh nhật sang trọng Bích Ngân Tiệc sinh nhật bé Thanh Trang Dịch vụ ông già Noel Xiếc thú vui nhộn Biểu diễn xiếc quay đĩa Dịch vụ tổ chức tiệc uy tín Khám phá dịch vụ của chúng tôi Tiệc sinh nhật cho bé trai Trang trí tiệc cho bé gái Gói sự kiện chuyên nghiệp Chương trình giải trí hấp dẫn Dịch vụ hỗ trợ sự kiện Trang trí tiệc cưới đẹp Khởi đầu thành công với khai trương Chuyên gia tư vấn sự kiện Xem ảnh các sự kiện đẹp Tin mới về sự kiện Kết nối với đội ngũ chuyên gia Chú hề vui nhộn cho tiệc sinh nhật Ý tưởng tiệc cuối năm Tất niên độc đáo Trang trí tiệc hiện đại Tổ chức sinh nhật cho Hải Đăng Sinh nhật độc quyền Khánh Vân Phong cách tiệc Bích Ngân Trang trí tiệc bé Thanh Trang Thuê dịch vụ ông già Noel chuyên nghiệp Xem xiếc khỉ đặc sắc Xiếc quay đĩa thú vị
Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa
Thiết kế website Thiết kế website Thiết kế website Cách kháng tài khoản quảng cáo Mua bán Fanpage Facebook Dịch vụ SEO Tổ chức sinh nhật