TopView engine unable to connect to OPC UA server: SHA 1 Certificates are not trusted

Issue

The TopView engine was unable to connect to the OPC UA server due to certificate issues. When inspecting the logs, we could see error messages similar to those that would occasionally appear when testing connections.

This issue may show as the following error messages when testing connections in TopView Configurator:

    Certificate status: BadCertificatePolicyCheckFailed (code: 2165571584)
    SHA1 signed certificates are not trusted.

You may see the following when running an engine:

    Failed to connect to session using alias "[aliasname]"

...and the following in the Application Log file (accessible in the TopView Admin Tools application):

    Certificate from "CN=[...]" has the following issue: BadCertificatePolicyCheckFailed 'SHA1 signed certificates are not trusted.'
    Rejecting certificate from "CN=[...]"

Solutions

  1. In TopView's UA settings, you can switch to automatically accept server certificates for both the Configurator and Engine processes:
    1. To get to TopView's UA settings, go to the "Tags & Limits" page and click the "Gear" button next to the "Server" textbox (above and to the left of the "Add tags (tags search)..." button).
    2. Auto-accepting certificates is not a security best practice, but it may be OK if you only plan to connect to known servers and can trust that you will only be connecting to approved servers.
  2. Switch to an XML UA configuration file in which you include a line to not reject SHA1 signed certificates.
    1. See the XML configuration instructions below.

XML Configuration instructions

Add the RejectSHA1SignedCertificates element inside the SecurityConfiguration element, similar to the following:

    <SecurityConfiguration>
      <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
    </SecurityConfiguration>
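
To keep track of which servers depend on this exception, the following added example (not part of TopView or of the original article) counts SHA1 policy rejections per certificate subject in Application Log text and checks whether an XML UA configuration disables SHA1 rejection. The log timestamps, the CN values and the `ApplicationConfiguration` wrapper element in the sample data are constructed assumptions; only the message text and the two element names come from this article.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Message text as shown in this article. Anything before it on the line
# (timestamp, level) is ignored because the exact log layout is an assumption.
SHA1_REJECT = re.compile(
    r'Certificate from "(?P<subject>[^"]+)" has the following issue: '
    r"BadCertificatePolicyCheckFailed 'SHA1 signed certificates are not trusted\.'"
)

def local_name(tag):
    """Strip an XML namespace prefix such as '{urn:example}Name'."""
    return tag.rsplit("}", 1)[-1]

def sha1_rejected_subjects(log_text):
    """Count SHA1 policy rejections per certificate subject."""
    return Counter(m.group("subject") for m in SHA1_REJECT.finditer(log_text))

def sha1_rejection_disabled(config_xml):
    """True if a SecurityConfiguration sets RejectSHA1SignedCertificates to false."""
    for sec in ET.fromstring(config_xml).iter():
        if local_name(sec.tag) != "SecurityConfiguration":
            continue
        for child in sec:
            if (local_name(child.tag) == "RejectSHA1SignedCertificates"
                    and (child.text or "").strip().lower() == "false"):
                return True
    return False

# Constructed sample input (not real TopView output).
SAMPLE_LOG = '''\
2024-01-01 08:00:01 Certificate from "CN=plc-gateway-01" has the following issue: BadCertificatePolicyCheckFailed 'SHA1 signed certificates are not trusted.'
2024-01-01 08:00:01 Rejecting certificate from "CN=plc-gateway-01"
2024-01-01 08:05:12 Certificate from "CN=historian-02" has the following issue: BadCertificatePolicyCheckFailed 'SHA1 signed certificates are not trusted.'
2024-01-01 08:10:30 Certificate from "CN=plc-gateway-01" has the following issue: BadCertificatePolicyCheckFailed 'SHA1 signed certificates are not trusted.'
'''
SAMPLE_CONFIG = """<ApplicationConfiguration>
  <SecurityConfiguration>
    <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
  </SecurityConfiguration>
</ApplicationConfiguration>"""

if __name__ == "__main__":
    for subject, count in sha1_rejected_subjects(SAMPLE_LOG).most_common():
        print(f"{subject}: {count} SHA1 rejection(s)")
    print("SHA1 rejection disabled:", sha1_rejection_disabled(SAMPLE_CONFIG))
```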

