New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error 'Data does not match to Certificate ASN1 schema. undefined' with serverCertificateManager #1289
Comments
Thank you for reporting, I was working on this bug that has been reported several time already, but I was not able to reproduce; I am able to reproduce the problem using this script that I have adatped from your snippet above, on node 18.17.0, or nodejs 20.04 Also to note that this behavior only happens with node-opcua @2.107/108 that introduced for the first time the creation of private keys and certificate without the need of an external This is only possible thanks to nodeJS now implementing the sutble WebCrypto API. and the help of a third party module that complement the functinality @peculiar/crypto. However, it appears that the suble API in nodeJS is not stable yet in nodejs and its behavior still updating from version to version... I would not like to revert to use external openssl The workaround for now, as I am working on a better fix in node-opcua would be for you to either:
{
"name": "issue_1289",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test:18.17": "docker run -it -v $PWD:/home node:18.17 /usr/local/bin/node /home/github_1289.mjs",
"test:18.17.1": "docker run -it -v $PWD:/home node:18.17.1 /usr/local/bin/node /home/github_1289.mjs",
"test:16.20": "docker run -it -v $PWD:/home node:16.20 /usr/local/bin/node /home/github_1289.mjs",
"test:20.5.1": "docker run -it -v $PWD:/home node:20.5.1 /usr/local/bin/node /home/github_1289.mjs",
"test:20.5.0": "docker run -it -v $PWD:/home node:20.5.0 /usr/local/bin/node /home/github_1289.mjs",
"test:20.4": "docker run -it -v $PWD:/home node:20.4 /usr/local/bin/node /home/github_1289.mjs"
},
"dependencies": {
"node-opcua": "2.108.0"
}
} // github_1289.mjs
import fs from "fs";
import path from "path";
import { OPCUACertificateManager } from "node-opcua";
const pkiRoot = "/tmp/pki1289";
const certificateFile = path.join(pkiRoot, "server_selfsigned_cert_2048.pem");
const selfSignedCertificatePath = certificateFile;
const appName = "RpiPlc";
const data = {
"applicationUri": "urn:rpi-plc-deployment-55cc7bbc64-r89h4:RpiPlc",
"dns": [
"rpi-plc-deployment-55cc7bbc64-r89h4"
],
"outputFile": "/rpi-plc/data/.config/PKI/certificate.pem",
"subject": "/CN=RpiPlc/O=TestSHome/L=Midway/C=US",
"startDate": "2023-08-15T06:16:15.077Z",
"validity": 3650
};
const ModuleName = "";
(async () => {
console.log("starting from fresh: deleting existing pki folder")
if (fs.existsSync(pkiRoot)) {
fs.rmdirSync(pkiRoot, { recursive: true });
}
const serverCertificateManager = new OPCUACertificateManager({
automaticallyAcceptUnknownCertificate: true,
rootFolder: pkiRoot
});
try {
await serverCertificateManager.initialize();
if (!fs.existsSync(certificateFile)) {
console.log([ModuleName, 'info'], `Creating new certificate file:`);
const certFileRequest = {
applicationUri: data.applicationUri,
dns: data.dns,
// ip: await getIpAddresses(),
outputFile: selfSignedCertificatePath,
subject: `/CN=${appName}/O=TestHome/L=Midway/C=US`,
startDate: new Date(),
validity: 365 * 10
};
console.log([ModuleName, 'info'], `Self-signed certificate file request params:\n${JSON.stringify(certFileRequest, null, 2)}\n`);
await serverCertificateManager.createSelfSignedCertificate(certFileRequest);
}
else {
console.log([ModuleName, 'info'], `Using existing certificate file at: ${certificateFile}`);
}
}
catch (ex) {
console.log(ex);
console.log([ModuleName, 'error'], `Error creating server self signed certificate: ${ex.message}`);
}
})(); |
update: It appears that the issue also shows up with NodeJS20.5. This has been fixed in node-opcua-crypto@4.2.0 and is currently being deployed in node-opcua. |
Fixed in node-opcua@2.110.0 |
Current behavior
When attempting to use the serverCertificateManager.createSelfSignedCertificate method I get the error:
'Data does not match to Certificate ASN1 schema. undefined'
Describe the bug
I am using the node-opcua package with my server implementation in container and deploying it to a local Kubernetes cluster. I have a persistent volume mapped to the host storage system which contains the root PKI folder.
I am creating the serverCertificateManager:
I am attempting to create the certificate with this code:
The values used in the call are this (from logs):
The exception is caught on the last line with the error. The call stack for the exception is this:
The host directory looks like this after the call:
However; after letting the server continue to initialize the directory looks like this:
I think the default server certificate creation might be happening after my failed attempt.
Step by step instruction to reproduce
Steps to reproduce the behavior:
Expected behavior
I expect to see a "certificate.pem" file created in the persistent volume.
Context
( ) my request is related to node-opcua acting as an OPCUA CLIENT
(X) my request is related to node-opcua acting as an OPCUA SERVER
( ) I have installed node-opcua from source ( using git clone)
(X) I have installed node-opcua as a package ( using npm install )
( ) I am using an application that uses node-opcua
Device: Rasberry Pi4 4Gb RAM
OS version: Ubuntu 22.04, MicroK8s 1.27.4
Description of the other OPCUA system I am trying to connect to:
node-opcua version: :
2.108.0
Node:
node --version
= v18.17.0The text was updated successfully, but these errors were encountered: