Configuration of an OPC UA Client with Token Type Certificate

Elie_Ntumba · June 22, 2026, 4:31pm

Hello,

I am using a APC910 running under Automation Runtime I4.93 , under Automation Studio 4.12.2.93

For this topic, I have a certificate generated by a CA and 2 intermediates.

I want to be connected with an OPC UA Server.

With UA Expert I have the possibility to be connected with OPC UA Server, without a warning.

The configuration of the certificate is alright.

The weird thing that I don’t understand is I did my configuration that is like UA Expert’s,

In Server SIde : I have a Wireshark record, logs saying that the Server has accepted the certificate and session started
but at the end the APC910 client is receiving this OPC UA error code (2151481344) BadNotSupported, during the connection.
So the client just stopped the communcation.

WireShark steps (192.168.1.1 is CLIENT[APC910], 192.168.1.21 is SERVER):
177919 3441.651986200 192.168.1.1 192.168.1.21 OpcUa 117 Hello message
177920 3441.656558200 192.168.1.21 192.168.1.1 OpcUa 82 Acknowledge message
177922 3441.656721200 192.168.1.1 192.168.1.21 OpcUa 191 OpenSecureChannel message
177923 3441.663933200 192.168.1.21 192.168.1.1 OpcUa 190 OpenSecureChannel message
177926 3441.671442900 192.168.1.1 192.168.1.21 OpcUa 154 UA Secure Conversation Message: GetEndpointsRequest
177934 3441.678995100 192.168.1.21 192.168.1.1 OpcUa 1329 UA Secure Conversation Message: GetEndpointsResponse
177938 3441.684695500 192.168.1.1 192.168.1.21 OpcUa 115 CloseSecureChannel message: CloseSecureChannelRequest
177946 3441.690034200 192.168.1.1 192.168.1.21 OpcUa 117 Hello message (decrypted)
177947 3441.697843900 192.168.1.21 192.168.1.1 OpcUa 82 Acknowledge message (decrypted)
177951 3441.753474800 192.168.1.1 192.168.1.21 OpcUa 87 OpenSecureChannel message (encrypted)
178040 3442.569409400 192.168.1.21 192.168.1.1 OpcUa 2912 OpenSecureChannel message (encrypted)
178060 3442.682894300 192.168.1.1 192.168.1.21 OpcUa 694 UA Secure Conversation Message (encrypted)
178094 3442.930081800 192.168.1.21 192.168.1.1 OpcUa 11046 UA Secure Conversation Message (encrypted)
178103 3442.932404900 192.168.1.1 192.168.1.21 OpcUa 154 UA Secure Conversation Message (encrypted)
178106 3442.939799000 192.168.1.21 192.168.1.1 OpcUa 150 UA Secure Conversation Message (encrypted)
178108 3442.950415800 192.168.1.1 192.168.1.21 OpcUa 154 CloseSecureChannel message (encrypted)

My client code configuration :
if (usCountMonitoring > UACL_MONITOR_CYCLE)
{
usCountMonitoring = CONST_INIT_VALUE;
bExeUA_Connect_0 = true_t;
}
/* SessionConnectInfo - Initialize Connection Parameters */
UAUserIdentityToken_0.UserIdentityTokenType = UAUITT_x509;
brsstrcpy((uint32_t)&UAUserIdentityToken_0.TokenParam1,(uint32_t)&“/ADDONS/DATA/PKI/ownCerts”);
brsstrcpy((uint32_t)&UAUserIdentityToken_0.TokenParam2,(uint32_t)&“/ADDONS/DATA/PKI/privateKeys”);

		UASessionConnectInfo_0.CheckServerCertificate = true_t;								
		UASessionConnectInfo_0.TransportProfile 	= UATP_UATcp;
		UASessionConnectInfo_0.UserIdentityToken	= UAUserIdentityToken_0;
		UASessionConnectInfo_0.SessionTimeout 		= plcTmTimeout; 							/* 1 min */
		// brsstrcpy((uint32_t)&UASessionConnectInfo_0.ServerUri, (uint32_t)&"SERVER-URI");
		brsstrcpy((uint32_t)&UASessionConnectInfo_0.SessionName, (uint32_t)&"SESSION_NAME");
		UASessionConnectInfo_0.MonitorConnection 	= plcTmTimeoutMonitor; 					/* 10 sec */
		brsstrcpy((uint32_t)&UASessionConnectInfo_0.CertificateStore, (uint32_t)&"SSL_OPCUA_Client");
		UASessionConnectInfo_0.SecurityPolicy 		= UASecurityPolicy_Basic256Sha256;
		UASessionConnectInfo_0.SecurityMsgMode 		= UASecurityMsgMode_SignEncrypt;
		
		/* UA_Connect - establish connection to OPC-UA Server */
		brsstrcpy((uint32_t)&UA_Connect_0.ServerEndpointUrl, (uint32_t)&"opc.tcp://192.168.1.21:4840");
		UA_Connect_0.Execute 				= bExeUA_Connect_0;
		UA_Connect_0.SessionConnectInfo 	= UASessionConnectInfo_0;
		UA_Connect_0.Timeout 				= plcTmTimeoutMonitor;

		UA_Connect(&UA_Connect_0);													/*  CALL FUB  */

		if (UA_Connect_0.Busy == false_t) 
		{
			bExeUA_Connect_0 = false_t;
			if ((UA_Connect_0.Done == true_t) && (UA_Connect_0.ErrorID == CONST_INIT_VALUE))
			{
				ulErrorIDfubs 				= CONST_INIT_VALUE;
				ulConnectionHdl 			= UA_Connect_0.ConnectionHdl;
				bExeUA_Getnamespaceindex_0 	= true_t;					
			}
			if (UA_Connect_0.Error == true_t) 
			{
				
				ulErrorIDfubs 				= UA_Connect_0.ErrorID;
				ulConnectionHdl 			= CONST_INIT_VALUE;
			}
		}

Please help me

valerio.manenti · June 23, 2026, 5:31pm

Hi @Elie_Ntumba ,
Welcome to B&R Community!

I didn’t find the error in our AS Help, so with AI on Internet I have found more details: Common OPC UA Error Codes.

The Meaning: The application or client sent a request, but the server does not support that specific operation.

Verify that the functions or data nodes you are trying to access are supported by the specific firmware or model version of your OPC UA server.

Which model version are you using? 1 or 2? Be sure you select the one you need.

AS 4.x supports both versions 1 and 2, AS 6 only 2.

Ciao
Valerio

Topic		Replies	Views
[APROL] Using OpcUa Client on the Controller Other Topics aprol , opc-ua	1	141	July 4, 2025
OPC UA access by Certificate B&R Software & Runtime opc-ua	12	1389	June 7, 2024
Opcua_any --> no connection to the server B&R Software & Runtime opc-ua	11	400	March 23, 2026
UAExpert, mappView: How to make a secure OPCUA connection to OPCUA server with communication partner validation How-To & Wikis mapp-view , plc , opc-ua	8	2322	January 22, 2025
X20 CP 1584 OPC-UA Certificate Expiry B&R Software & Runtime opc-ua	5	261	February 20, 2026

Configuration of an OPC UA Client with Token Type Certificate

Related topics