Experimental Physics and
Industrial Control System

hello ralph lange:

Thank you for your guidance last time.   

 I'm having trouble with OPC UA. How to use the 'setClientCertificate' command?

epics> opcuaShowSecurity
Certificate store:
  Server trusted certificates dir: 
  Server revocation list dir: 
  Issuer trusted certificates dir: 
  Issuer revocation list dir: 
  Rejected certificates are not saved.
ApplicationURI: urn:[email protected]:EPICS:IOC
No client certificate loaded.
Supported security policies:  Basic128Rsa15 Basic256 Basic256Sha256 None
epics> setClientCertificate
Command setClientCertificate not found.
epics> 

Regards

-----原始邮件-----
发件人:"Ralph Lange" <ralph.lange at gmx.de>
发送时间:2023-03-29 21:58:07 (星期三)
收件人: "谭映雷" <tanyl at ihep.ac.cn>
抄送: "EPICS Tech Talk" <tech-talk at aps.anl.gov>
主题: Re: How do I setEPICS opc UA security Settings?

Hello Yinglei Tan,

On Wed, 29 Mar 2023 at 14:49, 谭映雷 via Tech-talk <tech-talk at aps.anl.gov> wrote:

How do I setEPICS opc UA security Settings?

Hi:
How do I setEPICS  opc UA security Settings?

When I set up the EPICS OPC UA client, the server did not receive the reject (.der) file, but I did receive certificates from the server.
[...]

What should I do to create a client certificate? Should the client certificate be copied to the server?

Any suggestions/solution approaches are welcome.

In the OPC UA Device Support sources, you will find a detailed README about how to configure OPC UA Security.

(On-line version at https://github.com/epics-modules/opcua/blob/master/Using-Security.md)

Setting up X.509-based security is not simple. It can be very frustrating, as any small mistake will make the connection fail, often without clear error messages.

I would suggest that you start with getting a good understanding of how these certificates and the PKI infrastructure work.

Once you know what is required, the information in the README will be hopefully enough to get you going. (It obviously includes descriptions of the tools and commands necessary to create client certificates.)

Feel free to directly contact me when you get stuck again. This topic might be too specialized to be discussed on tech-talk. I will update the README with any additional information that should be added.

Cheers,
~Ralph

Replies:

Re: Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk

References:

How do I setEPICS opc UA security Settings? 谭映雷 via Tech-talk

Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk

Navigate by Date:

Prev: Re: SSEQ record does not "appear" to be demanding callback completion from an asynchronous record forward-linked to another asynchronous record Hu, Yong via Tech-talk

Next: Re: SSEQ record does not "appear" to be demanding callback completion from an asynchronous record forward-linked to another asynchronous record Hu, Yong via Tech-talk

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <2023>  2024 

Navigate by Thread:

Prev: Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk

Next: Re: Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <2023>  2024