how to load my own certificate in OPCUA Server instead of auto generation?|OPC UA Standard|Forum|OPC Foundation

how to load my own certificate in OPCUA Server instead of auto generation?
prabhakaran prabs (Member, Forum Posts: 52, Member Since: 01/07/2022)
Post 1, 07/30/2024 - 03:05

Hi,

I have developed an OPC UA SERVER application using the CSharp (C#) language.

The OPC UA SERVER SDK used in the current solution is 1.4.366.0, which auto-generates self-signed certificates during server startup.

So currently I am looking into different options for loading my own certificate (which I created with the XCA tool) from the configuration instead of auto-generation.

 

<ApplicationCertificate>
  <StoreType>Directory</StoreType>
  <StorePath>%CommonApplicationData%\OPC Foundation\pki\own</StorePath>
  <SubjectName>CN=OPCUASERVER,OU=Als,O=Als1,C=IN</SubjectName>
</ApplicationCertificate>

 

I am using the following code:

            // Runs inside an async method; 'config' holds the loaded configuration.
            ApplicationConfiguration config;

            ApplicationInstance application = new ApplicationInstance();
            application.ApplicationType = ApplicationType.Server;
            application.ConfigSectionName = "opcuaserver";

            // Load the application configuration.
            if (Directory.Exists("config"))
            {
                config = await application.LoadApplicationConfiguration("config/opcuaserver_configmap.xml", false);
            }
            else
            {
                config = await application.LoadApplicationConfiguration("opcuaserver_configmap.xml", false);
            }

            // Check the application certificate.
            bool haveAppCertificate = await application.CheckApplicationInstanceCertificate(false, 0);
            if (!haveAppCertificate)
            {
                throw new Exception("Application instance certificate invalid!");
            }

            // Hook the validation callback only when untrusted certificates are not auto-accepted.
            if (!config.SecurityConfiguration.AutoAcceptUntrustedCertificates)
            {
                config.CertificateValidator.CertificateValidation += new CertificateValidationEventHandler(CertificateValidator_CertificateValidation);
            }
Randy Armstrong (Admin, Forum Posts: 1537, Member Since: 05/30/2017)
Post 2, 08/01/2024 - 22:17

If you create your own certificate you need to copy it to the folder specified by the ApplicationCertificate element in configuration and ensure the SubjectName or Thumbprint exactly matches your certificate.

Note the SDK uses this directory layout for certificate stores:

https://reference.opcfoundatio.....5/docs/F.1

prabhakaran prabs (Member, Forum Posts: 52, Member Since: 01/07/2022)
Post 3, 08/02/2024 - 00:22

Hi, thanks for your reply. I have tried with my own certificate and placed it under the %CommonApplicationData%\OPC Foundation\pki\own\certs path.

My own certificate file, which was generated by the XCA tool, is OPCUASERVER.cer. I have configured the subject name details in the config file:

CN=OPCUASERVER, OU=Als, C=IN

<SubjectName>CN=OPCUASERVER, OU=Als, C=IN</SubjectName>

but I am getting the following error when the OPC UA server application calls the following method:

application.DisableCertificateAutoCreation = true; // disable auto certificate creation by setting it to true

bool haveAppCertificate = await application.CheckApplicationInstanceCertificate(false, 0);

One or more errors occurred. (There is no cert with subject CN=OPCUASERVER, OU=Als, C=IN in the configuration.Please generate a cert for your application,then copy the new cert to this location:%CommonApplicationData%\OPC Foundation\pki\own)

Randy Armstrong (Admin, Forum Posts: 1537, Member Since: 05/30/2017)
Post 4, 08/02/2024 - 18:08

Use the DER suffix and PFX for the private key.

You need the DER and the PFX. Only one is not enough.

prabhakaran prabs (Member, Forum Posts: 52, Member Since: 01/07/2022)
Post 5, 08/04/2024 - 22:53

Does OPC UA support only the DER and PFX formats?

Randy Armstrong (Admin, Forum Posts: 1537, Member Since: 05/30/2017)
Post 6, 08/05/2024 - 01:56

CER is the same as DER but the SDK only looks for DER files.

The SDK supports PFX and PEM.

This is not a UA issue. It is an SDK issue.
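
A pre-flight check for the points made in this thread, as an added example that is not part of the original posts or of the SDK: it looks for a `.der` file in `certs` and a `.pfx` or `.pem` file in `private` under the own store, flags `.cer` files, and compares the certificate subject with the configured SubjectName. The `private` folder name follows the OPC UA specification's directory layout; the function names and the component-wise subject comparison (order and spacing ignored) are assumptions of this example, not the SDK's matching logic.

```python
import pathlib

# Attribute OIDs (DER-encoded bodies) for the RDN types used on this page.
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0b": "OU",
        b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, content_start, content_end) for each element in a range."""
    while start < end:
        tag, s, e = tlv(buf, start)
        yield tag, s, e
        start = e

def der_subject(der):
    """Return a DER certificate's subject as a set of 'TYPE=value' strings."""
    _, s, e = tlv(der, 0)   # Certificate
    _, s, e = tlv(der, s)   # tbsCertificate
    # Skip the optional [0] version: serial, sigAlg, issuer, validity, subject.
    fields = [f for f in children(der, s, e) if f[0] != 0xA0]
    _, s, e = fields[4]
    parts = set()
    for _, rs, re_ in children(der, s, e):        # each RDN (SET)
        for _, a, b in children(der, rs, re_):    # each AttributeTypeAndValue
            (_, o1, o2), (_, v1, v2) = list(children(der, a, b))[:2]
            oid = der[o1:o2]
            parts.add(f"{OIDS.get(oid, oid.hex())}={der[v1:v2].decode()}")
    return parts

def check_own_store(store, subject_name):
    """List problems that would keep the configured certificate from being found."""
    store, problems = pathlib.Path(store), []
    # Naive split: assumes no escaped commas inside attribute values.
    want = {p.strip() for p in subject_name.split(",")}
    certs, private = store / "certs", store / "private"
    ders = sorted(certs.glob("*.der"))
    if not ders:
        problems.append("no .der file in certs")
    if any(certs.glob("*.cer")):
        problems.append(".cer file in certs: rename it to .der")
    if not (any(private.glob("*.pfx")) or any(private.glob("*.pem"))):
        problems.append("no .pfx or .pem private key in private")
    if ders and not any(der_subject(p.read_bytes()) == want for p in ders):
        problems.append("no .der subject matches SubjectName")
    return problems
```

Call `check_own_store` with the StorePath from the configuration (environment variables expanded) and the SubjectName string before starting the server with auto-creation disabled.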
