Certificates
Some protocols and tools use certificates for authentication or signing purposes. If you need to create self-signed certificates to test OIBus, you can follow this guide. A configuration file cert.conf should be created to insert some settigns for the certificate creation. Here is an example that will be used for this guide:
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = subject
req_extensions = req_ext
x509_extensions = req_ext
string_mask = utf8only
prompt = no
[ req_ext ]
basicConstraints = CA:FALSE
nsCertType = client, server
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage= serverAuth, clientAuth
nsComment = "OIBus User Cert"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName = URI:urn:opcua:user:oibus,IP: 127.0.0.1
[ subject ]
countryName = FR
stateOrProvinceName = FR
localityName = Chambéry
organizationName = OI
commonName = oibus
Using certificates with ProSys OPC UA Simulation Server
- Create a private key and certificate using the
cert.conf:
openssl req -new -x509 -keyout oibus.key -out oibus.pem -config cert.conf
- Remove private key passphrase:
openssl rsa -in oibus.key -out oibus.key
- Create DER cert for ProSys:
openssl x509 -inform PEM -outform DER -in oibus.pem -out oibus.der
- Copy the DER cert in ProSys USERS_PKI certificate folder:
prosys-opc-ua-simulation-server\USERS_PKI\CA\certs
Signing OIBus Windows Installer
These commands can be used with Powershell, on a Windows system.
- Generate CSR (Certificate Signing Request) from
cert.conffile, and keep secret the private.key:
openssl req -new -newkey rsa:4096 -keyout private.key -sha256 -nodes -out oibus.csr -config cert.conf
- Create a local self-signed certificate
openssl x509 -req -in oibus.csr -signkey private.key -out oibus.crt
- Convert the cert file to PFX file
openssl pkcs12 -export -in oibus.crt -inkey private.key -out oibus.pfx -passout pass:password -name OIBus
- Convert PFX certificate file to base64
base64 oibus.pfx > oibus64.pfx
- Run sign tool
$env:PFX_PASSWORD = "password" ; $env:PFX_PATH = "path" ; npm run build:win-setup