Qt World Summit: Register Today!

QT OPC UA with open62541 backend, encryption

  • Hello,

    Im currently a little confused about the state of encryption compability of opcua in qt 5.15.2 with the open62541 backend. In the Documentation it states the following: "Creating secure connections with Qt OPC UA is currently only supported using the UACPP backend plugin." Is that statement correct?
    I managed to compile the opcua plugin with encryption support but I have trouble actually connecting to a server with an encrypted connection. Im using the example project QtOpcUaViewer under Windows to test the capabilities. When using a self signed client certificate, as described in the link obove, the connection attempt fails with the following messages:

    [2021-07-21 16:48:23.656 (UTC+0200)] error/channel	Receiving service response failed with error BadConnectionClosed
    [2021-07-21 16:48:23.656 (UTC+0200)] error/client	Opening a secure channel failed
    [2021-07-21 16:48:23.656 (UTC+0200)] error/client	Couldn't connect the client to a TCP secure channel
    qt.opcua.plugins.open62541: Open62541: Failed to connect
    Client error changed QOpcUaClient::UnknownError
    Client state changed QOpcUaClient::Disconnected

    The interesting thing is that when im coping the client certificate from another application (UaExpert) into my pki location I can connect to the servers with encryption enabled. I tested this with multiple upcua demo server in this list and always got the described results: https://github.com/node-opcua/node-opcua/wiki/publicly-available-OPC-UA-Servers-and-Clients

    Is that behavior the result of missing/incomplete encryption-support of QtOpcUa with the open62541 backend or is something wrong with my certificates?

  • Lifetime Qt Champion

    I think its something with the QtOpcUa plugin as when I tried using open62541 API directly it worked but
    I was not able to get working using the Qt API.
    But I didn't find out why exactly and for my use case, using the native API was ok.

    If you dont get any answers here I would ask on the mailing list.

Log in to reply