Miscellaneous utilities
A tool to create the HA aggregate examples appearing in Part 13.
It is a Windows Form application. Select File | Load to load the default dataset.
This tool depends on a copy of the UA .NET Stack. If the UA .NET Stack part is changed a new mantis issue needs to be created so the main codebase can be updated too.
A tool to create OPC UA compliance certificates built with the latest OpenSSL 1.1.1 library. Pre-built OpenSSL binaries are checked in. Only need to build if needed for debugging.
OpenSSL can be found here: https://github.com/openssl/openssl
Building OpenSSL 1.1.1 requires Perl which can be found here: http://strawberryperl.com/
The solution requires VS2015 to build but produce an EXE that can be used without any additional dependencies on Windows XP or later systems.
It is a command line utility with the following arguments:
-command or -cmd <issue | revoke | unrevoke | convert | replace | request | process> The action to perform (default = issue).
- issue: create a new certificate.
- revoke: revoke a certificate.
- unrevoke: unrevoke a certificate.
- convert: convert a private key file.
- replace: update the certificates in a PFX file.
- request: create a new certificate signing request.
- process: create a new certificate from a new certificate signing request.
Argument | Description |
---|---|
-storePath or -sp | The directory of the certificate store (must be writeable). |
-applicationName or -an | The name of the application. |
-applicationUri or -au | The URI for the appplication. |
-subjectName or -sn | The distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World). |
-organization or -o | The organization. |
-domainNames or -dn , | A list of domain names seperated by commas |
-password or -pw | The password for the new private key file. |
-issuerCertificate or -icf | The path to the issuer certificate file. |
-issuerKeyFilePath or -ikf | The path to the issuer private key file. |
-issuerKeyPassword or -ikp | The password for the issuer private key file. |
-keySize or -ks | The size of key as a multiple of 1024 (default = 1024). |
-hashSize or -hs | The size of hash <160 |
-startTime or -st | The start time for the validity period (nanoseconds from 1600-01-01). |
-lifetimeInMonths or -lm | The lifetime in months (default = 60). |
-publicKeyFilePath or -pbf | The path to the certificate to renew or revoke (a DER file). |
-privateKeyFilePath or -pvf | The path to an existing private key to reuse or convert. |
-privateKeyPassword or -pvp | The password for the existing private key. |
-reuseKey or -rk <true | false> |
-ca <true | false> |
-pemInput <true | false> |
-pem <true | false> |
-requestFilePath or -rfp | The path to certificate signing request. |
-inlineOutput or -io | Write all output as a hexadecimal string instead of saving to a file. |
All input file arguments can be a valid directory path or a hexadecimal string.
All output files are written to output as hexadecimal strings if -inlineOutput true is specified.
Example | Arguments |
---|---|
Create a self-signed: | -cmd issue -sp . -an MyApp -au urn:MyHostMyCompany:MyApp -o MyCompany -dn MyHost -pw MyCertFilePassword |
Create a CA Certificate: | -cmd issue -sp . -sn CN=MyCA/O=Acme -ca true |
Issue an Application Certificate: | -cmd issue -sp . -an MyApp -ikf CaKeyFile -ikp CaPassword |
Renew a Certificate: | -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Revoke a Certificate: | -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Unrevoke a Certificate: | -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
Convert key format: | -cmd convert -pvf MyKeyFile -pvp oldpassword -pem true -pw newpassword |
Create a certificate request: | -cmd request -pbf MyCertFile.der -pvf MyCertFile.pfx -pvp MyCertFilePassword -rfp MyRequest.csr |
Process a certificate request: | -cmd process -rfp MyRequest.csr -ikf CaKeyFile -ikp CaPassword -pbf MyCertFile.der |