Creating client cert with customized start and end dates

02 Jul 2019 06:32 #7470 by support
Thank you for the update.

01 Jul 2019 19:46 #7467 by sjscheider
Thanks, I was able to get it working by using the following code.

    X509Certificate2 certificate = CertificateFactory.CreateCertificate(
        "X509Store",                    // store type
        "CurrentUser\\My",              // store path
        null,
        $"urn:{Environment.MachineName.ToLower()}:{appName}:{appVersion}:neutral:null",
        appName,
        $"CN={appName}, C=US, S=XXXXXXX, O=YYYYYYYYYY, DC={Environment.MachineName.ToLower()}",
        serverDomainNames,
        0,
        new DateTime(2018, 12, 31),     // start of validity
        5 * 12,                         // lifetime in months
        CertificateFactory.defaultHashSize,
        false,
        null,
        null
    );

16 Apr 2019 08:07 #7329 by support
The OPC Foundation's source code for the certificate generator (in C++) is here: github.com/OPCFoundation/Misc-Tools/tree/master/CertificateGenerator.
I did a quick check - not sure if I have understood everything right, take it with some reservation. But normally, the "-lifetimeInMonths" is used to control the cert validity. But, there also seems to be "-startTime" switch, maybe that's what you are looking for.

QuickOPC relies on OPC Foundation stack/SDK for cert generation. When QuickOPC runs under .NET Framework, it means that the (now) so-called .NET "legacy" stack is used, and it calls the UA certificate generator (as a separate EXE) from inside the C# code. So, there is no true C# code for cert generation to speak of.

When QuickOPC runs under .NET Core, it is based on the OPC Foundation's .NET Standard stack, for which you can find the source code here: github.com/OPCFoundation/UA-.NETStandard. The C# cert generation code should be in there.

Regards

16 Apr 2019 02:43 #7328 by sjscheider
I've tried using the command line tool from OPC Foundation but it does not appear to allow me to set the start date to a previous date which is required for our particular use case.

I did figure out how to specify a cert I generated to be used by QuickOPC, but I still can't seem to generate a valid cert using C#. I've also tried generating the cert via C# but the certs I'm generating are coming back as invalid. Do you have some sample code you use to generate the certs? I was not able to identify it in the source code I downloaded.

13 Apr 2019 13:34 #7325 by support
When we simplify it to the maximum, QuickOPC:
1. Determines the name of the client certificate and where it should be stored
2. Looks up the certificate, and if found, uses it
3. When not found, determines parameters of the certificate, generates it and then uses it.

In Step 3, *some* of the certificate info is controllable by parameters that you can set on the EasyUAClient class, but definitely not all of them. Start and end of validity cannot be controlled.

If you want your client app to use such a certificate, you need to create it by other means and store it in the appropriate certificate store. The name must match - this can be achieved either by generating a certificate with a name that matches the name automatically chosen by QuickOPC, OR by selecting a name of your wish, and then setting the appropriate parameter in EasyUAClient to use that name when looking up the certificate.

OPC Foundation's certificate generator (command-line based) can be found on GitHub.

Best regards
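
An added example (not code from this thread, from QuickOPC or from the OPC Foundation) of creating the certificate "by other means" with an explicit validity window, using .NET's built-in CertificateRequest API and storing it in CurrentUser\My. The class name, application name and URI are hypothetical sample values, and the extension set assumes the server expects the application URI in the subject alternative name.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class BackdatedClientCert
{
    // Builds a self-signed certificate whose validity window is chosen by the caller.
    public static X509Certificate2 Create(string appName, string applicationUri,
        string dnsName, DateTimeOffset notBefore, DateTimeOffset notAfter)
    {
        if (notAfter <= notBefore)
            throw new ArgumentException("notAfter must be later than notBefore");
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest($"CN={appName}", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // Assumption: the server compares this URI with the client's ApplicationUri.
            var san = new SubjectAlternativeNameBuilder();
            san.AddUri(new Uri(applicationUri));
            san.AddDnsName(dnsName);
            req.CertificateExtensions.Add(san.Build());
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation |
                X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // clientAuth
            using (X509Certificate2 ephemeral = req.CreateSelfSigned(notBefore, notAfter))
            {
                // Re-import so the private key is persisted in the user's key store.
                return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx), (string)null,
                    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.UserKeySet);
            }
        }
    }

    static void Main()
    {
        string host = Environment.MachineName.ToLower();
        // Constructed sample values: application name, URI and a window starting one year ago.
        DateTimeOffset start = DateTimeOffset.UtcNow.AddYears(-1);
        using (X509Certificate2 cert = Create("MyUaClient", $"urn:{host}:MyUaClient", host, start, start.AddMonths(60)))
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
            Console.WriteLine($"{cert.Subject}: {cert.NotBefore:u} to {cert.NotAfter:u}");
        }
    }
}
```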

12 Apr 2019 19:09 #7323 by sjscheider
Is it possible to create a cert with a specific start and end date?

If yes, how?

If no, can you recommend any C# code to do so? I've tried but the cert is not being expected on the server and I'm not exactly sure what I'm missing.
