Miscellaneous utilities
A tool to create the HA aggregate examples appearing in Part 13.
It is a Windows Form application. Select File | Load to load the default dataset.
This tool depends on a copy of the UA .NET Stack. If the UA .NET Stack part is changed a new mantis issue needs to be created so the main codebase can be updated too.
A tool to create OPC UA compliance certificates built with the latest OpenSSL 1.1.1 library. Pre-built OpenSSL binaries are checked in. Only need to build if needed for debugging.
OpenSSL can be found here: https://github.com/openssl/openssl
Building OpenSSL 1.1.1 requires Perl which can be found here: http://strawberryperl.com/
The solution requires VS2015 to build but produce an EXE that can be used without any additional dependencies on Windows XP or later systems.
It is a command line utility with the following arguments:
-command or -cmd <issue | revoke | unrevoke | convert | replace | request | process> The action to perform (default = issue).
- issue: create a new certificate.
- revoke: revoke a certificate.
- unrevoke: unrevoke a certificate.
- convert: convert a private key file.
- replace: update the certificates in a PFX file.
- request: create a new certificate signing request.
- process: create a new certificate from a new certificate signing request.
| Argument | Description |
|---|---|
| -storePath or -sp | The directory of the certificate store (must be writeable). |
| -applicationName or -an | The name of the application. |
| -applicationUri or -au | The URI for the appplication. |
| -subjectName or -sn | The distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World). |
| -organization or -o | The organization. |
| -domainNames or -dn , | A list of domain names seperated by commas |
| -password or -pw | The password for the new private key file. |
| -issuerCertificate or -icf | The path to the issuer certificate file. |
| -issuerKeyFilePath or -ikf | The path to the issuer private key file. |
| -issuerKeyPassword or -ikp | The password for the issuer private key file. |
| -keySize or -ks | The size of key as a multiple of 1024 (default = 1024). |
| -hashSize or -hs | The size of hash <160 |
| -startTime or -st | The start time for the validity period (nanoseconds from 1600-01-01). |
| -lifetimeInMonths or -lm | The lifetime in months (default = 60). |
| -publicKeyFilePath or -pbf | The path to the certificate to renew or revoke (a DER file). |
| -privateKeyFilePath or -pvf | The path to an existing private key to reuse or convert. |
| -privateKeyPassword or -pvp | The password for the existing private key. |
| -reuseKey or -rk <true | false> |
| -ca <true | false> |
| -pemInput <true | false> |
| -pem <true | false> |
| -requestFilePath or -rfp | The path to certificate signing request. |
| -inlineOutput or -io | Write all output as a hexadecimal string instead of saving to a file. |
All input file arguments can be a valid directory path or a hexadecimal string.
All output files are written to output as hexadecimal strings if -inlineOutput true is specified.
| Example | Arguments |
|---|---|
| Create a self-signed: | -cmd issue -sp . -an MyApp -au urn:MyHostMyCompany:MyApp -o MyCompany -dn MyHost -pw MyCertFilePassword |
| Create a CA Certificate: | -cmd issue -sp . -sn CN=MyCA/O=Acme -ca true |
| Issue an Application Certificate: | -cmd issue -sp . -an MyApp -ikf CaKeyFile -ikp CaPassword |
| Renew a Certificate: | -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
| Revoke a Certificate: | -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
| Unrevoke a Certificate: | -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword |
| Convert key format: | -cmd convert -pvf MyKeyFile -pvp oldpassword -pem true -pw newpassword |
| Create a certificate request: | -cmd request -pbf MyCertFile.der -pvf MyCertFile.pfx -pvp MyCertFilePassword -rfp MyRequest.csr |
| Process a certificate request: | -cmd process -rfp MyRequest.csr -ikf CaKeyFile -ikp CaPassword -pbf MyCertFile.der |