Problem with certificates generated by createcert.sh (openssl) about ua-.netstandard HOT 5 CLOSED

@eoursel. Martin, who wrote the script, is currently on vacation, but will have a look when he returns in 2 weeks' time.

from ua-.netstandard.

@eoursel sorry I can't repro this here on Ubuntu 16.04. Please check this:
i) there should not be a password set on the private key. Just hit twice return.
ii) rename or delete the ./OPC Foundation/ folder before ./createcert.sh is run to make sure there are only the new certs in the CertificateStore.
If it still doesn't work could you send me the failing .der & .pfx certs?

from ua-.netstandard.

@mregen you are right that's the password of the private key. I would recommend to add the option -passout like

openssl pkcs12 -export -in cert.pem -inkey cert.key -out $MYHOSTNAME.pfx -nodes -passout pass:

in order to avoid entering a password. As a matter of fact, i would try to automate the creation of a docker container with the UA server and it's a mandatory requirement to have a completely automated script with no operator interaction.

Anyway, there is at least a cyber security issue if we can't use a private key protected by a password to start a server. Ok i know that the TPM library @barnstee mentioned is certainly a clever solution.

Regards

Eric

from ua-.netstandard.

@eoursel Thanks, good point, I will fix the scripts. The scripts are only meant to be used to run the samples, not in production.
For the pw support for the private keys we should have a feature request to make sure it is properly supported if required.

from ua-.netstandard.

#51 to improve cert handling.

from ua-.netstandard.