Certificates

To use certificate authentication, the user_cert_path, user_private_key_path and user_cert_password fields need to be active in the options object of your configuration, or the client_cert_path and client_private_key_path fields need to be in that object.

"options":{
             "user_cert_path": "/config/client.der",
             "user_private_key_path":"/config/client.key",
             "user_cert_password":"<your password>"
          }

Note: The user_cert_password is the password used when you created your authentication certificate.

To generate an authentication certificate using a Windows machine:

Download OpenSSL for your Windows device (32-bit or 64-bit).
Navigate to where you downloaded OpenSSL and install using the executable.

From the folder you want to generate your authentication certificate, open a command prompt and run:

  > set RANDFILE=C:\<your folder structure>\.rnd
  > set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
  > C:\OpenSSL-Win64\bin\openssl.exe

You should now be at an OpenSSL> prompt, where you should run:

req -newkey rsa:2048 -days 3650 -keyout client.key -x509 -outform DER -out client.der

To generate an authentication certificate on a Unix-like system, use the following command.

openssl req -newkey rsa:2048 -days 3650 -keyout client.key -x509 -outform DER -out client.der

Note: If you are running a simulator, be sure to copy these authentication certificates to your OPC-UA simulator.