Miscellaneous utilities
A tool to create the HA aggregate examples appearing in Part 13.
It is a Windows Form application. Select File | Load to load the default dataset.
This tool depends on a copy of the UA .NET Stack. If the UA .NET Stack part is changed a new mantis issue needs to be created so the main codebase can be updated too.
A tool to create OPC UA compliance certificates built with the OpenSSL library.
A pre-built binary can be downloaded from the OPC Foundation website.
The solution requires VS2015 to build but produce an EXE that can be used without any additional dependencies on Windows XP or later systems.
It is a command line utility with the following arguments:
-command or -cmd <issue | revoke | unrevoke | convert | replace | request | process> The action to perform (default = issue).
- issue: create a new certificate.
- revoke: revoke a certificate.
- unrevoke: unrevoke a certificate.
- convert: convert a private key file.
- replace: update the certificates in a PFX file.
- request: create a new certificate signing request.
- process: create a new certificate from a new certificate signing request.
Argument | Description |
---|---|
-storePath or -sp | The directory of the certificate store (must be writeable). |
-applicationName or -an | The name of the application. |
-applicationUri or -au | The URI for the appplication. |
-subjectName or -sn | The distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World). |
-organization or -o | The organization. |
-domainNames or -dn , | A list of domain names seperated by commas |
-password or -pw | The password for the new private key file. |
-issuerCertificate or -icf | The path to the issuer certificate file. |
-issuerKeyFilePath or -ikf | The path to the issuer private key file. |
-issuerKeyPassword or -ikp | The password for the issuer private key file. |
-keySize or -ks | The size of key as a multiple of 1024 (default = 1024). |
-hashSize or -hs | The size of hash <160 |
-startTime or -st | The start time for the validity period (nanoseconds from 1600-01-01). |
-lifetimeInMonths or -lm | The lifetime in months (default = 60). |
-publicKeyFilePath or -pbf | The path to the certificate to renew or revoke (a DER file). |
-privateKeyFilePath or -pvf | The path to an existing private key to reuse or convert. |
-privateKeyPassword or -pvp | The password for the existing private key. |
-reuseKey or -rk <true | false> |
-ca <true | false> |
-pemInput <true | false> |
-pem <true | false> |
-requestFilePath or -rfp | The path to certificate signing request. |
-inlineOutput or -io | Write all output as a hexadecimal string instead of saving to a file. |
All input file arguments can be a valid directory path or a hexadecimal string.
All output files are written to output as hexadecimal strings if -inlineOutput true is specified.
Example | Arguments |
---|---|
Create a self-signed: | -cmd issue -sp . -an MyApp -au urn:MyHostMyCompany:MyApp -o MyCompany -dn MyHost -pw MyCertFilePassword |
Create a CA Certificate: | -cmd issue -sp . -sn CN=MyCA/O=Acme -ca true |
Issue an Application Certificate: | -cmd issue -sp . -an MyApp -ikf CaKeyFile -ikp CaPassword |
Renew a Certificate: | -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Revoke a Certificate: | -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Unrevoke a Certificate: | -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Convert key format: | -cmd convert -pvf MyKeyFile -pvp oldpassword -pem true -pw newpassword |
Create a certificate request: | -cmd request -pbf MyCertFile.der -pvf MyCertFile.pfx -pvp MyCertFilePassword -rfp MyRequest.csr |
Process a certificate request: | -cmd process -rfp MyRequest.csr -ikf CaKeyFile -ikp CaPassword -pbf MyCertFile.der |