OPCUA Client invalid endpoint error node-red-contrib-opcua

Dear all,

right now I'm facing a strange issue. I want to use S7-1200 PLC (correct firmware for opcua) with TIA portal. S7-1200 is opcua server, nod-red shall be opcua client. Also I'm using ua expert as an opcua client test software. With ua expert, I get correct data via OPCUA. If I'm using nod red and want to read out measurement data of a sensor, it doesn't work.

I simply use a nod inject, which goes to opcua client, which is connected with a gauge in nod red.
Datatype and nod identifier should be correct. My problem is, if I want to deploy my configuration in nod red, I get following error:

invalid Endpoint error: Cannot find private key C:.....\private_key.pem

I'm using no private key and no certificate. It's just for a quick test. Endpoint setting should be also correct. I've just chosen opcua server adress.

Client uses certificate manager, if it cannot create folder it could cause this kind of error.
Make sure that node-red has permissions to create needed folders.
Investigate console log more detailed.

Thank you for your answer! The only error, which is shown is following:

cannot find file: C:\Users.....\openssl.exe
openssl seems to be missing and need to be installed

Is openssl required for using opcua client? If so, I will test

Yes it is needed. Normally node-opcua (certificate manager) will install it silently.
Of course it will need internet connection to be able to download it.

@mikakaraila, I installed OPCUA on a system then deployed it to a folder using Node-RED-Alternate-Installer. Then I'm having this same situation.

28 Sep 14:25:32 - [warn] [OpcUa-Client:ac877344.62b8a] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign): undefined undefined
28 Sep 14:25:33 - [warn] [OpcUa-Client:1157788a.254107] OpcUaClientNode: Case A: Endpoint does not contain, 1==None 2==Sign 3==Sign&Encrypt securityMode:[1] securityPolicy:["http://opcfoundation.org/UA/SecurityPolicy#None"]
28 Sep 14:25:33 - [warn] [OpcUa-Client:1157788a.254107] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign): undefined undefined
28 Sep 14:25:33 - [warn] [OpcUa-Client:ea57229e.940c] OpcUaClientNode: Case A: Endpoint does not contain, 1==None 2==Sign 3==Sign&Encrypt securityMode:[1] securityPolicy:["http://opcfoundation.org/UA/SecurityPolicy#None"]
28 Sep 14:25:33 - [warn] [OpcUa-Client:ea57229e.940c] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign): undefined undefined
28 Sep 14:25:33 - [warn] [OpcUa-Client:1d5f86fb.18f339] OpcUaClientNode: Case A: Endpoint does not contain, 1==None 2==Sign 3==Sign&Encrypt securityMode:[1] securityPolicy:["http://opcfoundation.org/UA/SecurityPolicy#None"]
28 Sep 14:25:33 - [warn] [OpcUa-Client:1d5f86fb.18f339] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign): undefined undefined

This PC cannot get to the internet due to its location on our network. You mentioned the client should have rights to create this file which

The node has this error.
Invalid endpoint Errror: Cannot find private key C:\WINDOWS\System32\config\sysemprofile\AppData\Roaming\node-red-opcua-nodejs\Config\PKI\private_key.pem

Please help me understand what I can do to fix this? I have other systems which are connecting to Kepware and work OK as far as local tags and no authentication. This is one which I installed and upgraded today.

In version 0.2.85. the option is "None, No Certificate used" Now in 0.2.289 its "None, Use Generated self-signed Certificate". Would it be possible to have an option which allows you to completely remove and allow no security for at least test purposes? Please help. How do I allow it to do what it needs or, how do I create and get the file in the right place?

Downloaded openssl AND IT WORKS!

1 Like

Hi @hp_apcc

Once you downloaded openssl - what settings did you use in the client node? "None, Use Generated self-signed Certificate?"

Thanks for sharing - I have a similar error when trying to connect Raspberry Pi as a client to a OPC UA server.

As I recall using this node. There is a suggestion to try using this node.

Sorry for the late reply. The openssl is for specifically Self-signed certificate. This is if you chose NONE. Otherwise you'd use a certificate between the client and server. Node-RED OPCUA node will show you in the terminal log the path if has an error. You just need to be sure that the file is in the proper path. It will automatically run OpenSSL and install your self signed certificate.

Hi all,
I just had the same problem and I solved it (as few of you mentioned) by downloading the openssl-file from this website:
/source/index.html (openssl.org).
then I moved the downloaded file to the correct folder, where nod-red was looking for.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.