Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

OPC Publisher: Failed to decode the CRL

See original GitHub issue

While connection the OPC Publisher in a project I need to add the whole Client Certificate chain including the CRLs for die Client Certificate of the OPC Server. Reading the CRL of the Root-CA is not possible and I’ll get the following error Message:

[ERR] Error while trying to read information from trusted issuer store.
System.Security.Cryptography.CryptographicException: Failed to decode the CRL.
---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Universal' class value '24', but it should have been 'ContextSpecific' class value '0'.
   at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)
   at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)
   at System.Formats.Asn1.AsnReader.ReadSequence(Nullable`1 expectedTag)
   at Opc.Ua.Security.Certificates.X509CRL.DecodeCrl(Byte[] tbs)
   --- End of inner exception stack trace ---
   at Opc.Ua.Security.Certificates.X509CRL.DecodeCrl(Byte[] tbs)
   at Opc.Ua.Security.Certificates.X509CRL.Decode(Byte[] crl)
   at Microsoft.Azure.IIoT.OpcUa.Protocol.OpcConfigEx.ShowCertificateStoreInformationAsync(ApplicationConfiguration appConfig, ILogger logger)

The CRL is in DER-Format with and .crl-Ending I’m also using the --aa flag in the OPC Publisher Create Container Options, but it seems to be ignored.

The certificates are required as soon as I enable UsernamePassword Authentication (UseSecurity-Flag is set to false)

Expected behavior The CRL should be loaded without any error message and the connection between the Publisher and the OPC Server should be successful.

Container Create Options

  "Hostname": "OPCPublisher",
  "Cmd": [
  "HostConfig": {
    "Binds": ["/iiotedge:/appdata"]


  • OS: Red Hat Enterprise Linux
  • Publisher-Version: latest

Issue Analytics

  • State:closed
  • Created 8 months ago
  • Comments:9 (5 by maintainers)

github_iconTop GitHub Comments

CONealcommented, Jan 18, 2023

Hi @mregen,

no, the CRL is in DER-Format.

Edit: Removed CRL File due to customers’ request

marcschiercommented, May 19, 2023

Preview 2 is now out with latest OPC UA stack.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Certificate error : unable to load CRL in trust store #174
CryptographicException: Failed to decode the X509 signature. ---> System.Formats. ... Decode(Byte[] crl) at Opc.Ua.Security.Certificates.
Read more >
OPC Publisher EDGE device error communication ...
OPC Publisher EDGE device error communication error unable to start metric server ,system.Net.HttpListenerException (5) Access denied.
Read more >
Issuing CA produces errors when publishing base and ...
AD CS Certificate Revocation List (CRL) Publishing - Failed to publish base CRL Alert Description Source: <server name>.
Read more >
Missing CRLs
Missing CRLs. This policy setting controls whether Outlook considers a missing certificate revocation list (CRL) a warning or an error.
Read more >
During deletion of last subscription the server sends Publish responses with BadNoSubscription ... Windows: - Trace reason for error during CRL loading.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found