Step by step C# application with certificates | OPC UA Standard | Forum | OPC Foundation

Régis CHABASSIER
02/21/2022 - 07:03

Hello

I have to create a communication between my application (in C#) and an OPC UA server (KepWare).
For the moment, I have succeeded in communicating without any security.
So now I want to use certificates, but I have not succeeded in using them.

So I am looking for a "step by step" way to implement certificates in my C# application.

What I have done:
- Had a look at the OPC Foundation sample => not working and I
- Tried to use Opc.Ua.ConfigurationTool => not working, but I am not sure I really understand what exactly I have to do with this tool.
- Read a lot of documents that explain the theory. But now I have to implement.
- I use the official OPC Foundation NuGet packages

Thanks for help!

Randy Armstrong
02/22/2022 - 11:29

The C# samples should automatically create any certificates they need when they start up.

Here is the documentation:

https://github.com/OPCFoundati.....ficates.md

Régis CHABASSIER
03/01/2022 - 07:03

Thanks for the answer, but it didn't help me.

The documentation didn't explain how to implement security (only theory).

The examples didn't work.
I want to create a new application.

But, as I understand it, I have to use a sample application to create the certificates and then use them in my own application?

Seems to be complicated!

My first question was: I am looking for a detailed procedure to use the certificates.

For the moment I can communicate without any security!

Randy Armstrong
03/01/2022 - 16:03

All applications built with the NETStandard codebase can create their own certificate when they start (i.e. when CheckApplicationCertificate is called).

    // check the application certificate.
    bool haveAppCertificate = await application.CheckApplicationInstanceCertificate(
        false, CertificateFactory.DefaultKeySize, CertificateFactory.DefaultLifeTime).ConfigureAwait(false);
    if (!haveAppCertificate)
    {
        throw new Exception("Application instance certificate invalid!");
    }

The location and contents of the auto-created certificate are specified in the configuration file.

    <!-- Where the application instance certificate is stored (MachineDefault) -->
    <ApplicationCertificate>
      <StoreType>Directory</StoreType>
      <StorePath>./pki/own</StorePath>
      <SubjectName>CN=Quickstart Reference Server/DC=localhost</SubjectName>
    </ApplicationCertificate>

The configuration file also specifies the location of the trust list as a directory on disk.

    <!-- Where the issuer certificates are stored (certificate authorities) -->
    <TrustedIssuerCertificates>
      <StoreType>Directory</StoreType>
      <StorePath>./pki/issuer</StorePath>
    </TrustedIssuerCertificates>

    <!-- Where the trust list is stored (UA Applications) -->
    <TrustedPeerCertificates>
      <StoreType>Directory</StoreType>
      <StorePath>./pki/trusted</StorePath>
    </TrustedPeerCertificates>

If client A wants to communicate with application B.

Then server B certificate must be copied to the trust list of client A (location in client A configuration file)

AND

Then client A certificate must be copied to the trust list of server B (location in server A configuration file)

The rejected certificate folder stores untrusted certificates that allow an admin to review them before copying to the trust list. The location of the rejected folder is also in the configuration file.

    <!-- The directory used to store invalid certificates for later review by the administrator. -->
    <RejectedCertificateStore>
      <StoreType>Directory</StoreType>
      <StorePath>./pki/rejected</StorePath>
    </RejectedCertificateStore>
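
Added example, not part of the thread and not OPC Foundation sample code: a minimal C# client that ties the steps above together (load the configuration, create the application certificate, refuse untrusted server certificates so they go through the rejected-folder review, then connect over a secured endpoint). The application name, the config file name `MyClient.Config.xml`, the endpoint URL and the anonymous login are assumptions; the config file is assumed to contain the store sections quoted above.

```csharp
using System;
using Opc.Ua;
using Opc.Ua.Client;
using Opc.Ua.Configuration;

// Placeholder endpoint URL (assumption): replace with the server's real address.
const string serverUrl = "opc.tcp://localhost:49320";

var application = new ApplicationInstance
{
    ApplicationName = "MyClient",              // hypothetical name
    ApplicationType = ApplicationType.Client,
    ConfigSectionName = "MyClient"             // loads MyClient.Config.xml (assumed file)
};
ApplicationConfiguration config =
    await application.LoadApplicationConfiguration(false).ConfigureAwait(false);

// Creates the client certificate in the ApplicationCertificate store if it is missing.
bool haveAppCertificate = await application.CheckApplicationInstanceCertificate(
    false, CertificateFactory.DefaultKeySize, CertificateFactory.DefaultLifeTime)
    .ConfigureAwait(false);
if (!haveAppCertificate)
{
    throw new Exception("Application instance certificate invalid!");
}

// No auto-accept: an untrusted server certificate is refused and reported, so an
// admin can compare the thumbprint with the server before adding it to the trust list.
config.CertificateValidator.CertificateValidation += (validator, e) =>
{
    if (e.Error.StatusCode == StatusCodes.BadCertificateUntrusted)
    {
        Console.WriteLine($"Untrusted server certificate: {e.Certificate.Subject}");
        Console.WriteLine($"Thumbprint to verify: {e.Certificate.Thumbprint}");
        e.Accept = false;
    }
};

// useSecurity: true picks a secured endpoint instead of SecurityMode None.
EndpointDescription selected = CoreClientUtils.SelectEndpoint(serverUrl, useSecurity: true);
var endpoint = new ConfiguredEndpoint(null, selected, EndpointConfiguration.Create(config));

using Session session = await Session.Create(
    config, endpoint, false, "MyClient session", 60000,
    new UserIdentity(new AnonymousIdentityToken()), null).ConfigureAwait(false);
Console.WriteLine($"Connected: {session.Endpoint.SecurityPolicyUri}, {session.Endpoint.SecurityMode}");
```

Until both trust lists have been populated as described above, the connection attempt fails with a certificate error rather than silently falling back to an unsecured session.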
