| 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 <2023> 2024 2025 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 <2023> 2024 2025 |
| <== Date ==> | <== Thread ==> |
|---|
| Subject: | Re: Re: How do I setEPICS opc UA security Settings? |
| From: | 谭映雷 via Tech-talk <tech-talk at aps.anl.gov> |
| To: | "ralph lange" <ralph.lange at gmx.de> |
| Cc: | epics tech talk <tech-talk at aps.anl.gov> |
| Date: | Thu, 30 Mar 2023 21:04:31 +0800 (GMT+08:00) |
hello ralph lange:
Thank you for your guidance last time.
I'm having trouble with OPC UA. How to use the 'setClientCertificate' command?
epics> opcuaShowSecurity
Certificate store:
Server trusted certificates dir:
Server revocation list dir:
Issuer trusted certificates dir:
Issuer revocation list dir:
Rejected certificates are not saved.
ApplicationURI: urn:[email protected]:EPICS:IOC
No client certificate loaded.
Supported security policies: Basic128Rsa15 Basic256 Basic256Sha256 None
epics> setClientCertificate
Command setClientCertificate not found.
epics>
Command setClientCertificate not found.How do I do that?
Regards
-----原始邮件-----
发件人:"Ralph Lange" <ralph.lange at gmx.de>
发送时间:2023-03-29 21:58:07 (星期三)
收件人: "谭映雷" <tanyl at ihep.ac.cn>
抄送: "EPICS Tech Talk" <tech-talk at aps.anl.gov>
主题: Re: How do I setEPICS opc UA security Settings?
Hello Yinglei Tan,
On Wed, 29 Mar 2023 at 14:49, 谭映雷 via Tech-talk <tech-talk at aps.anl.gov> wrote:How do I setEPICS opc UA security Settings?
Hi:
How do I setEPICS opc UA security Settings?
When I set up the EPICS OPC UA client, the server did not receive the reject (.der) file, but I did receive certificates from the server.
[...]
What should I do to create a client certificate? Should the client certificate be copied to the server?
Any suggestions/solution approaches are welcome.
In the OPC UA Device Support sources, you will find a detailed README about how to configure OPC UA Security.(On-line version at https://github.com/epics-modules/opcua/blob/master/Using-Security.md)
Setting up X.509-based security is not simple. It can be very frustrating, as any small mistake will make the connection fail, often without clear error messages.
I would suggest that you start with getting a good understanding of how these certificates and the PKI infrastructure work.Once you know what is required, the information in the README will be hopefully enough to get you going. (It obviously includes descriptions of the tools and commands necessary to create client certificates.)
Feel free to directly contact me when you get stuck again. This topic might be too specialized to be discussed on tech-talk. I will update the README with any additional information that should be added.
Cheers,
~Ralph