2021-10-26T13:27:04Z I! Failed to load certificate: open /etc/telegraf/cert.pem: Das System kann den angegebenen Pfad nicht finden.
2021-10-26T13:27:04Z E! [telegraf] Error running agent: could not initialize input inputs.opcua: unable to find suitable server endpoint with selected sec-policy and sec-mode
I already unlocked the port in my firewall. It’s all locally installed for testing.
Can anybody help me fix this?
Failed to load certificate: open /etc/telegraf/cert.pem
Does anybody have an idea how to get that certificate & key into the Telegraf.config?
Do I need to copy something into the folder manually?
Automatic generation is not working.
## Security policy, one of "None", "Basic128Rsa15", "Basic256",
## "Basic256Sha256", or "auto"
security_policy = "Basic256Sha256"
#
## Security mode, one of "None", "Sign", "SignAndEncrypt", or "auto"
security_mode = "Sign"
#
## Path to cert.pem. Required when security mode or policy isn't "None".
## If cert path is not supplied, self-signed cert and key will be generated.
certificate = "/cert.pem"
#
## Path to private key.pem. Required when security mode or policy isn't "None".
## If key path is not supplied, self-signed cert and key will be generated.
private_key = "/key.pem"
Yes you’re right I already corrected the paths (to the Telegraf folder).
But my issue is where to get these files?
I want to connect to a TwinCat3 Server
TwinCat requires a Security certificate.
They are not auto-generated for Telegraf.
The access is denied without these cert/key.
I tried to copy these certificates from the TwinCat-Folder, but not sure where to find the “key”.
This is what the CLI responds after starting Telegraf:
2021-10-28T13:00:58Z I! Failed to load certificate: tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched
2021-10-28T13:00:58Z E! [inputs.opcua] Error in plugin: error in Client Connection: opcua: invalid channel config: Security policy 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256' requires a private key
2021-10-28T13:00:58Z E! [telegraf] Error running agent: input plugins recorded 1 errors
FYI complete Telegraf.conf looks like this:
### Configuration for telegraf agent
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 1000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = "ns"
debug = false
quiet = false
#hostname = ""
[[outputs.influxdb_v2]]
urls = ["http://localhost:8086"]
token = "$INFLUX_TOKEN"
organization = "MasterOrg"
bucket = "OPC_UA_Test"
[[inputs.opcua]]
## Metric name
name = "opcua"
#
## OPC UA Endpoint URL
endpoint = "opc.tcp://Manu:4840"
## Maximum time allowed to establish a connect to the endpoint.
connect_timeout = "10s"
#
## Maximum time allowed for a request over the established connection.
request_timeout = "5s"
#
## Security policy, one of "None", "Basic128Rsa15", "Basic256",
## "Basic256Sha256", or "auto"
security_policy = "Basic256Sha256"
#
## Security mode, one of "None", "Sign", "SignAndEncrypt", or "auto"
security_mode = "Sign"
#
## Path to cert.pem. Required when security mode or policy isn't "None".
## If cert path is not supplied, self-signed cert and key will be generated.
#certificate = "/cert.pem"
certificate = "/Program Files/Telegraf/cert.pem"
#
## Path to private key.pem. Required when security mode or policy isn't "None".
## If key path is not supplied, self-signed cert and key will be generated.
# private_key = "/key.pem"
private_key = "/Program Files/Telegraf/key.pem"
#
## Authentication Method, one of "Certificate", "UserName", or "Anonymous". To
## authenticate using a specific ID, select 'Certificate' or 'UserName'
auth_method = "Anonymous"
nodes = [
{name="nCounter",namespace="4",identifier_type="i",identifier="MAIN.nCounter",data_type="int"},
]
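The "PEM inputs may have been switched" message in the 2021-10-28 log comes from Go's `tls.X509KeyPair`, which Telegraf's Go runtime uses to load the pair. The following is an added example, not part of the thread and not Telegraf's own code: it creates a self-signed client certificate and RSA key in PEM form and reproduces that error when the two inputs are swapped. The application URI, common name, key size and validity are assumptions chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// NewClientPair returns a self-signed certificate and its RSA key, both PEM-encoded.
// appURI is a constructed placeholder for the client's OPC UA application URI.
func NewClientPair(appURI string) ([]byte, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	uri, uerr := url.Parse(appURI)
	if err != nil || uerr != nil {
		return nil, nil, fmt.Errorf("keygen: %v, uri: %v", err, uerr)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: "telegraf-opcua-client"}, // assumed name
		NotBefore:    time.Now(), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		URIs:         []*url.URL{uri}, // application URI carried in subjectAltName
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), nil
}

// CheckPair loads the two PEM inputs with tls.X509KeyPair, certificate first, key second.
func CheckPair(certPEM, keyPEM []byte) error {
	_, err := tls.X509KeyPair(certPEM, keyPEM)
	return err
}

func main() {
	cert, key, _ := NewClientPair("urn:example:telegraf-client")
	fmt.Println(CheckPair(cert, key), "|", CheckPair(key, cert))
}
```

The first return value belongs in the file named by `certificate` and the second in the file named by `private_key`; the OPC UA server must additionally be configured to trust the certificate.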