ERROR:__main__:The certificate provided as a parameter is not valid.(BadCertificateInvalid)

[ZionC27]

I have been trying to get server-with-encryption.py and client-with-encryption.py to work but have been running into issues.

What is working:

• For the server I have been using the server-certificate-example.der and server-private-key-example.pem
• I have tested using UAExpert certificate (await cert_user_manager.add_user(Path(cert_base /"certificates/cert.der"), name="test_user")) and the client works on UI.

What is not working:

• The client-with-encryption.py
• The provided peer-certificate-example-1.der is invalid because it is expired
• Making my own certificate

What I have tried:

• I created my own Private key and certificates I used the following command:
  openssl req -x509 -newkey rsa:4096 -sha256 -keyout pk.pem -out cert.pem -days 3650 -nodes -addext "subjectAltName = URI:urn:myselfsignedserver@xxxxxx,IP: 127.0.0.1,DNS: xxxxxx"

openssl x509 -outform der -in cert.pem -out cert.der

I keep getting:

INFO:asyncua.client.client:connect
INFO:asyncua.client.ua_client.UaClient:opening connection
INFO:asyncua.uaprotocol:updating client limits to: TransportLimits(max_recv_buffer=65535, max_send_buffer=65535, max_chunk_count=1601, max_message_size=104857600)
INFO:asyncua.client.ua_client.UASocketProtocol:open_secure_channel
INFO:asyncua.client.ua_client.UaClient:create_session
WARNING:asyncua.client.ua_client.UASocketProtocol:ServiceFault (BadCertificateInvalid, diagnostics: DiagnosticInfo(SymbolicId=None, NamespaceURI=None, Locale=None, LocalizedText=None, AdditionalInfo=None, InnerStatusCode=None, InnerDiagnosticInfo=None)) from server received in response to CreateSessionRequest
INFO:asyncua.client.ua_client.UASocketProtocol:close_secure_channel
INFO:asyncua.client.ua_client.UASocketProtocol:Request to close socket received
ERROR:main:The certificate provided as a parameter is not valid.(BadCertificateInvalid)

I have also tried changing rsa:2048, -set_serial "0x122b11b1" when making the certificate

I also tried removing setup_self_signed_certificate but it still doesn't work
await setup_self_signed_certificate(
private_key,
cert,
client_app_uri,
host_name,
[ExtendedKeyUsageOID.CLIENT_AUTH],
{
"countryName": "CA",
"stateOrProvinceName": "BC"
},
)

[AndreasHeine]

can you post the cert!? or a sample cert!?

[ZionC27]

@AndreasHeine Using server-with-encryption.py and client-with-encryption.py without modifying code. I used private-key-example.pem and certificate-example.der for the server and peer-private-key-example-1.pem and peer-certificate-example-1.pem inside examples and got
WARNING:asyncuagds.validate:Not trusted certificate used: "myselfsignedserver@LAPTOP-E56DPVO9"
ERROR:asyncua.client.client:create_session fault response: The certificate is not trusted. (BadCertificateUntrusted)
INFO:asyncua.client.ua_client.UASocketProtocol:close_secure_channel
INFO:asyncua.client.ua_client.UASocketProtocol:Request to close socket received
ERROR:main:The certificate is not trusted.(BadCertificateUntrusted)

I also tried the key and certificate parrings for the client from this repo https://github.com/ZionC27/certtest and they still have the same issue