CertificateGenerator does not generate a certificate

Posted: 22 Jul 2020, 17:55
by ThomasTIP
Locally, the following code works to create a client certificate in the specified folder:

    using (var factory = e.Application.SecurityProvider.CreateCertificateFactory())
    {
        e.NewCertificate = factory.CreateCertificate(certificateBasePath, new CreateCertificateSettings()
        {
            ApplicationUri = ApplicationInstance.Default.ApplicationUri,
            CommonName = "MyWindowsServiceName",
            DomainNames = new List<string>() { System.Net.Dns.GetHostName() },
            HashSizeInBits = 256,
            KeySize = 4096,
            LifetimeInMonths = 60,
            PrivateKeyPassword = myPassword,
            StartTime = DateTime.Today
        });
        e.UpdateConfiguration = true;
    }

I have the Opc.Ua.CertificateGenerator.exe in the same folder as my service exe. When the service executes the OPC connection the first time, the above code correctly creates all certificate subfolders and files in the folder certificateBasePath. But this only works locally.

When I run it at my customer, the code does not create any subfolders or files. However, I caught an exception saying "The file exists" - even though there is no file in the path. What could be the reason? Is there an option to get a more specific exception when certificate creation fails?

What I also noticed is that my ApplicationUri is set correctly locally, but not at my customer.
Locally I have urn:ActualHostname:ActualCompanyname:Applicationname@localhost, but at my customer I have urn:InsertComputerName:InsertCompanyName:Applicationname@localhost
I set the hostname part using System.Environment.MachineName, but it seems as if this does not get properly resolved.
The companyname part is set as a hardcoded string, which raises even more question marks as to why this would not be reflected correctly in the ApplicationUri.

I'd be very grateful for any suggestions,
Thomas

PS: two more details:
- According to tech support, the user running the service has full local admin rights.
- The service is installed on drive R:\, not C:\ - I saw a topic on this forum where a drive letter for the Windows installation itself other than C:\ causes problems; I am not sure if installing the application on anything other than C:\ would cause issues as well?

Re: CertificateGenerator does not generate a certificate

Posted: 24 Jul 2020, 09:26
by ThomasTIP
Solved... The message "This file exists" is caused by too many files in the user's temp path. After cleaning up this path the certificate was generated properly.
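
A pre-flight check for the two symptoms in this thread, as an added example that is not part of the original posts or of the SDK. It assumes certificate creation goes through .NET Framework's Path.GetTempFileName(), which throws an IOException with the text "The file exists" once 65535 tmpXXXX.tmp names are taken in the temp folder of the account the service runs as; the class name, threshold and sample URI are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;

static class CertificatePreflight
{
    // Documented limit of Path.GetTempFileName(): 65535 files that have
    // not been deleted. Beyond that it fails with "The file exists".
    const int TempNameLimit = 65535;

    // Counts leftover tmp*.tmp files in the given temp directory.
    public static int CountTempFiles(string tempPath) =>
        Directory.EnumerateFiles(tempPath, "tmp*.tmp",
                                 SearchOption.TopDirectoryOnly).Count();

    // Returns null when nothing suspicious is found, otherwise a message
    // that is more specific than the exception text from the thread.
    public static string Check(string applicationUri)
    {
        // Resolves TMP/TEMP for the account this process runs as. For a
        // Windows service that is the service account's temp folder.
        string tempPath = Path.GetTempPath();
        int used = CountTempFiles(tempPath);

        // Warn at 90% (hypothetical threshold) so cleanup happens first.
        if (used >= TempNameLimit / 10 * 9)
            return $"{used} tmp*.tmp files in {tempPath}; temp file " +
                   "creation will fail with \"The file exists\".";

        // Placeholder tokens exactly as quoted in the first post.
        if (applicationUri.Contains("InsertComputerName") ||
            applicationUri.Contains("InsertCompanyName"))
            return "ApplicationUri still contains template placeholders: " +
                   applicationUri;

        return null;
    }

    static void Main()
    {
        // Constructed sample value, modelled on the URI from the first post.
        string uri = "urn:InsertComputerName:InsertCompanyName:Applicationname@localhost";
        Console.WriteLine(Check(uri) ?? "Pre-flight check passed.");
    }
}
```

Run it under the same account as the service; an interactive admin session resolves a different temp folder and will not show the service's file count.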