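I have created a certificate signed by a root certificate following these instructions, and converted the .crt to a .der file and the .key to a .pem file. Now I want to send them when my OPC UA client connects to my server (TwinCAT Beckhoff on a virtual machine). So far I send the certificate that is auto-generated by OPC UA (see the code below).
I have tried several things (by the way, I am very new to all of this...) but nothing seems to work: the server side does not accept the certificate, and/or the client sends not only my own certificate but also the auto-generated one.
This is my initialization code, which I use to send the auto-generated certificate. How do I change it to send my own?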
    public void initialize() throws URISyntaxException, SecureIdentityException,
            SessionActivationException, InitializationException, IOException {
        // IP + port of my local machine
        String serverUri = "xxx.xxx.xx.xxx:4840";

        // configure the ua client
        // (declared outside the try block so it stays in scope for the calls below)
        final UaClient client;
        try {
            client = new UaClient(serverUri);
        } catch (final URISyntaxException e) {
            throw new InitializationException("The server uri has an invalid syntax.", e);
        }

        // set validator and listener to deal with certificates
        final PkiFileBasedCertificateValidator validator = new PkiFileBasedCertificateValidator();
        client.setCertificateValidator(validator);
        final CertificateValidationListener validationListener = new CertificateValidationListener();
        validator.setValidationListener(validationListener);

        // create application description
        final ApplicationDescription appDescription = new ApplicationDescription();
        appDescription.setApplicationName(new LocalizedText("middlewareOpcUaClient", Locale.ENGLISH));
        appDescription.setApplicationUri("urn:localhost:UA:Middleware");
        appDescription.setProductUri("urn:xxx.Middleware");
        appDescription.setApplicationType(ApplicationType.Client);

        // create certificates
        // basically copied from the opc ua SampleConsoleClient
        final File privatePath = new File(validator.getBaseDir(), "private");
        final KeyPair issuerCertificate = null;
        final int[] keySizes = null;
        // loads the certificate from privatePath, or generates a new one if none exists
        final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(
                appDescription, "Middleware", "opcua", privatePath, issuerCertificate, keySizes, true);
        client.setApplicationIdentity(identity);
        client.setLocale(Locale.ENGLISH);

        // set timeouts
        client.setTimeout(30000);
        client.setStatusCheckTimeout(10000);
        client.setAutoReconnect(true);

        // set security features
        client.setSecurityMode(SecurityMode.BASIC256_SIGN_ENCRYPT);

        // set endpoint configuration parameters
        client.getEndpointConfiguration().setMaxByteStringLength(Integer.MAX_VALUE);
        client.getEndpointConfiguration().setMaxArrayLength(Integer.MAX_VALUE);
    }
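Also: do I have to name the certificates and/or their common name in a special way? I would be glad if someone could give me a hint about what I need to do!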