Connection with Ignition's OPC UA

Hi all, I have been trying to connect with our client’s Ignition OPC UA server via Tulip. The client has provided us with Ignition credentials (username and password). We use those in ‘Authentication Method’, which is set to ‘UserName’.

The data source is set up and the test is successful when we set the ‘Security Mode’ to ‘None’, but the issue arises when we set the ‘Security Mode’ to ‘Sign & Encrypt’.

For ‘Sign & Encrypt’, we had generated our cert and key for use in Tulip (used Git Bash on our Windows device to generate those). Now, when we are testing, we are hoping to see a cert in Ignition for the client to approve, but no luck so far.

After chatgpt’ing this, it gave us a bunch of suggestions, and one seems to stand out, which was ‘Application URI mismatch (BadCertificateUriInvalid) → Regenerate Tulip cert with SAN URI that matches the client Application URI Tulip presents.’

In our cert, this ‘Subject Alternative Names’ field is missing. My next test would be to regenerate the cert with this SAN field (and it also seems to have a format) and try connecting again.

Thanks for sticking with me. Now to my question: does anyone here have any experience connecting to Ignition’s OPC UA? If yes, were you able to get it done with the ‘Sign & Encrypt’ security mode?

And if nobody has done this, can anyone from Tulip (who has experience with Ignition and OPC UA) chip in?

G’day 🙂

Just an update: we have got this working. It turns out two things were missing from the cert. The first was the SAN entry, as pointed out by gpt, and the other was the KeyUsage extension (found out about this on Ignition’s forum). The keyUsage entry should be like this: ‘keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign’. With this we were able to connect to Ignition’s OPC UA with encryption.

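The following is an added example, not part of the original posts and not Tulip's or Ignition's own tooling. It uses OpenSSL from a shell such as Git Bash to generate a self-signed client certificate carrying the two extensions the thread identifies (a SAN URI entry and the quoted keyUsage line), then checks the result. The Application URI `urn:example:tulip:client`, the subject names, and the function names are placeholders and assumptions; substitute the Application URI your client actually presents.

```shell
#!/bin/sh
# Added example, not from the original post. The Application URI and subject
# names are placeholders (assumptions); use the URI your OPC UA client presents.

# make_opcua_cert APP_URI OUT_DIR: self-signed cert + key with SAN URI and keyUsage
make_opcua_cert() {
  mk_uri=$1; mk_dir=$2
  cat > "$mk_dir/opcua.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_opcua
prompt = no

[ dn ]
CN = ExampleOpcUaClient
O = ExampleOrg

[ v3_opcua ]
# keyUsage line exactly as given in the post
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign
# the SAN URI entry must equal the client's Application URI
subjectAltName = URI:$mk_uri
EOF
  # umask keeps the unencrypted private key readable by its owner only
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -config "$mk_dir/opcua.cnf" \
      -keyout "$mk_dir/key.pem" -out "$mk_dir/cert.pem" )
}

# check_opcua_cert CERT APP_URI: returns 0 only if both extensions are present
check_opcua_cert() {
  # one extension value per line, surrounding spaces stripped, for exact matching
  ck_text=$(openssl x509 -in "$1" -noout -text | tr ',' '\n' |
            sed 's/^ *//; s/ *$//') || return 2
  ck_rc=0
  printf '%s\n' "$ck_text" | grep -qxF "URI:$2" ||
    { echo "missing SAN URI:$2"; ck_rc=1; }
  for ck_u in "Digital Signature" "Non Repudiation" "Key Encipherment" \
              "Data Encipherment" "Certificate Sign"; do
    printf '%s\n' "$ck_text" | grep -qxF "$ck_u" ||
      { echo "missing keyUsage: $ck_u"; ck_rc=1; }
  done
  return $ck_rc
}

demo_dir=$(mktemp -d)
make_opcua_cert "urn:example:tulip:client" "$demo_dir" &&
  check_opcua_cert "$demo_dir/cert.pem" "urn:example:tulip:client" &&
  echo "OK: $demo_dir/cert.pem has SAN URI and keyUsage"
```

Running `check_opcua_cert` against an existing certificate before uploading it shows whether the SAN URI or any of the five key usages is missing.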