CertificateGenerator does not generate a certificate

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

ThomasTIP
Full Member
Posts: 7
Joined: 08 Jun 2020, 13:06

CertificateGenerator does not generate a certificate

Post by ThomasTIP »

Locally, the following code works to create a client certificate in the specified folder:

using (var factory = e.Application.SecurityProvider.CreateCertificateFactory())
{
    e.NewCertificate = factory.CreateCertificate(certificateBasePath, new CreateCertificateSettings()
    {
        ApplicationUri = ApplicationInstance.Default.ApplicationUri,
        CommonName = "MyWindowsServiceName",
        DomainNames = new List<string>() { System.Net.Dns.GetHostName() },
        HashSizeInBits = 256,
        KeySize = 4096,
        LifetimeInMonths = 60,
        PrivateKeyPassword = myPassword,
        StartTime = DateTime.Today
    });
    e.UpdateConfiguration = true;
}

I have the Opc.Ua.CertificateGenerator.exe in the same folder as my service exe. When the service executes the OPC connection the first time, the above code correctly creates all certificate subfolders and files in the folder certificateBasePath. But this only works locally.

When I run it at my customer, the code does not create any subfolders or files. However, I caught an exception saying "The file exists" - even though there is no file in the path. What could be the reason? Is there an option to get a more specific exception when certificate creation fails?

What I also noticed is that my ApplicationUri is set correctly locally, but not at my customer.
Locally I have urn:ActualHostname:ActualCompanyname:Applicationname@localhost, but at my customer I have urn:InsertComputerName:InsertCompanyName:Applicationname@localhost
I set the hostname part using System.Environment.MachineName, but it seems as if this does not get properly resolved.
The companyname part is set as hardcoded string, which raises even more question marks why this would not be reflected correctly in the ApplicationUri.

I'd be very grateful for any suggestions,
Thomas

PS: two more details:
- According to tech support, the user running the service has full local admin rights
- The service is installed on drive R:\, not C:\ - I saw a topic on this forum where a drive letter for the Windows installation itself other than C:\ causes problems; I am not sure if installing the application on anything other than C:\ would cause issues as well?

ThomasTIP
Full Member
Posts: 7
Joined: 08 Jun 2020, 13:06

Re: CertificateGenerator does not generate a certificate

Post by ThomasTIP »

Solved... The message "This file exists" is caused by too many files in the user's temp path. After cleaning up this path the certificate was generated properly.
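
A pre-flight check for the condition described in the resolution above, as an added example that is not part of the original post or of the SDK. It assumes the failure comes from .NET's Path.GetTempFileName, which on .NET Framework throws an IOException with the message "The file exists" once the temp directory holds 65535 tmp*.tmp files; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;

// Hypothetical helper: run it under the same account as the service,
// before certificate creation, so the failure is reported with context.
static class TempPathPreflight
{
    // Documented limit for Path.GetTempFileName on .NET Framework.
    const int TempFileLimit = 65535;

    // Returns null when the temp path looks healthy, otherwise a diagnostic message.
    public static string Check()
    {
        // Resolved for the account the process runs under; a Windows service
        // usually has a different temp path than the interactive user.
        string tempPath = Path.GetTempPath();
        int tmpCount;
        try
        {
            // On .NET Framework, GetTempFileName creates names of the form tmpXXXX.tmp.
            tmpCount = Directory.EnumerateFiles(tempPath, "tmp*.tmp").Count();
        }
        catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
        {
            return $"Cannot enumerate temp path '{tempPath}': {ex.Message}";
        }

        if (tmpCount >= TempFileLimit)
            return $"Temp path '{tempPath}' holds {tmpCount} tmp*.tmp files; temp-file creation will fail with \"The file exists\".";

        try
        {
            // Probe: create and delete one temp file to confirm the path is usable.
            File.Delete(Path.GetTempFileName());
        }
        catch (IOException ex)
        {
            return $"Temp-file creation failed in '{tempPath}' ({tmpCount} tmp*.tmp files present): {ex.Message}";
        }
        return null;
    }

    static void Main()
    {
        Console.WriteLine(Check() ?? "Temp path OK");
    }
}
```

Logging the returned message at service start records which temp directory the service account actually uses, which is the piece of information the bare "The file exists" exception leaves out.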
