Client will not create certificates

Bradyh98 · Post by **Bradyh98** » 29 Jan 2020, 18:22

I have the following code:

UaStatus UAConfiguration::setupSecurity(SessionSecurityInfo & sessionSecurityInfo)
{
UaStatus result;
// create directories
UaDir dirHelper("");
UaUniString usClientCertificatePath(dirHelper.filePath(UaDir::fromNativeSeparators(m_clientCertificateFile.toUtf16())));
dirHelper.mkpath(usClientCertificatePath);
UaUniString usPrivateKeyPath(dirHelper.filePath(UaDir::fromNativeSeparators(m_clientPrivateKeyFile.toUtf16())));
dirHelper.mkpath(usPrivateKeyPath);
UaUniString usTrustListLocationPath(dirHelper.filePath(UaDir::fromNativeSeparators(m_certificateTrustListLocation.toUtf16())));
dirHelper.mkpath(usTrustListLocationPath);
UaUniString usRevocationListPath(dirHelper.filePath(UaDir::fromNativeSeparators(m_certificateRevocationListLocation.toUtf16())));
dirHelper.mkpath(usRevocationListPath);
// try to load the client certificate
UaPkiCertificate clientCertificate = UaPkiCertificate::fromDERFile(m_clientCertificateFile);
// Setup Username and Password
sessionSecurityInfo.setUserPasswordUserIdentity(m_clientUsername, m_clientPassword);

// certificate doesn't exists - we create a new one
if (clientCertificate.isNull())
{
// Create the certificate
UaPkiRsaKeyPair keyPair(1024);
UaPkiPrivateKey IssuerPrivateKey;
UaPkiPublicKey SubjectPublicKey;
UaPkiIdentity identity;
UaString sNodeName;
char szHostName[256];
if (0 == UA_GetHostname(szHostName, 256))
{
sNodeName = szHostName;
}
identity.commonName = UaString("Client_Cpp_SDK@%1").arg(sNodeName);
identity.organization = "Organization";
identity.organizationUnit = "Unit";
identity.locality = "LocationName";
identity.state = "Ohio";
identity.country = "USA";
identity.domainComponent = sNodeName;
UaPkiCertificateInfo info;
info.URI = UaString("urn:%1:%2:%3").arg(sNodeName).arg(COMPANY_NAME).arg(PRODUCT_NAME);
info.DNSNames.create(1);
sNodeName.copyTo(&info.DNSNames[0]);
info.validTime = 3600 * 24 * 365 * 5; // 5 years in seconds
IssuerPrivateKey = keyPair.privateKey();
SubjectPublicKey = keyPair.publicKey();
// create a self signed certificate
UaPkiCertificate cert(info, identity, keyPair); // These ARGS need to be evaluated for correctness
// save public key to file
//cert.toDERFile(m_clientCertificateFile.toUtf8());
cert.toDERFile(m_clientCertificateFile);
// save private key to file
keyPair.toPEMFile(m_clientPrivateKeyFile.toUtf8(), 0);
}
// initialize the PKI provider for using OpenSSL
result = sessionSecurityInfo.initializePkiProviderOpenSSL(
m_certificateRevocationListLocation,
m_certificateTrustListLocation,
m_issuersRevocationListLocation,
m_issuersCertificatesLocation);
if (result.isBad())
{
printf("*******************************************************\n");
printf("** setupSecurity failed!\n");
printf("** Could not initialize PKI\n");
printf("*******************************************************\n");
return result;
}
// load client certificate and private key
result = sessionSecurityInfo.loadClientCertificateOpenSSL(
m_clientCertificateFile,
m_clientPrivateKeyFile,
m_clientPassword);

if (result.isBad())
{
printf("*******************************************************\n");
printf("** setupSecurity failed!\n");
printf("** Could not load Client certificate\n");
printf("** Connect will work only without security\n");
printf("*******************************************************\n");
return result;
}
return result;
}

For whatever reason it will not create the DER certificate needed to connect to the KepServer. However it will create the PEM certificate. Does anyone know why this is?