.NET Based OPC UA Client/Server SDK  3.3.3.537
Certificate Management – Create Certificate

Description

The following screenshot shows an example dialog for creating a new certificate. Press the button “Show Code” to display the corresponding code, and the button “Help” to show this documentation page.

clienttutorials_create_certificate.png

This dialog is used in the .NET based OPC UA Demo Server and the Getting Started Client Example included in the SDK. On first start-up, the application checks for a certificate. If no certificate exists, the dialog for creating a new certificate shows up.

The input fields are filled with default values which can be changed to the user’s liking. On clicking the “Advanced” button, additional input fields show up, which can be hidden again by pressing the “Basic” button.

clienttutorials_create_certificate2.png

Clicking on “Create” stores the certificate, by clicking “Cancel” the process can be aborted.

Sample Code

Step 1: Tell the SDK to Automatically Create Certificates

Setting the AutoCreateCertificate to true tells the SDK to create a certificate automatically when the application starts. The MissingApplicationCertificate is the event that is raised when the SDK determines that a certificate needs to be created. This allows the application to customize the creation of the certificate.

ApplicationInstance.Default.AutoCreateCertificate = true;
ApplicationInstance.Default.MissingApplicationCertificate += new CreateCertificateEventHandler(Application_MissingApplicationCertificate);

Step 2: Implement the MissingApplicationCertificate Callback

static private void Application_MissingApplicationCertificate(object sender, CreateCertificateEventArgs e)
{
try
{
// let the application create a suitable default if no user interaction allowed.
if (e.Silent)
{
return;
}
CreateCertificateDialog dialog = new CreateCertificateDialog();
ICertificate certificate = dialog.ShowDialog(null, new CreateCertificateDialogSettings()
{
Application = e.Application,
Instructions = "The application does not have a certificate assigned.\r\nPlease specify the parameters for a new certificate."
});
if (certificate != null)
{
e.NewCertificate = certificate;
e.UpdateConfiguration = dialog.PersistConfiguration;
}
}
catch (Exception exception)
{
ExceptionDlg.ShowInnerException("", exception);
}
}
static private void Application_ConfigurationChanged(object sender, EventArgs e)
{
try
{
ApplicationInstance.Default.SaveConfiguration(false);
}
catch (Exception exception)
{
ExceptionDlg.ShowInnerException("", exception);
}
}

Step 3: CreateCertificateDialog

The CreateCertificateDialog displays the fields of the certificate and allows the user to change them. A certificate issued by a Certificate Authority (CA) can be created by specifying an issuer certificate. The certificate settings can be found here: CreateCertificateSettings.

The “Persist Configuration” check box is only evaluated if the dialog is opened by the MissingApplicationCertificate EventHandler of ApplicationInstanceBase. If the check box is checked in this case, the configuration of the application gets updated with information about the new certificate.

public CreateCertificateDialog()
{
InitializeComponent();
Icon = GuiUtils.GetDefaultIcon();
this.CancelButton = this.CloseButton;
SecurityRightsLabel.Visible = !SecurityUtils.CheckIfProcessHasAdminRights();
foreach (object value in Enum.GetValues(typeof(KeySize)))
{
KeySizeComboBox.Items.Add(value);
}
KeySizeComboBox.SelectedIndex = 1;
foreach (object value in Enum.GetValues(typeof(HashAlgorithm)))
{
HashAlgorithmComboBox.Items.Add(value);
}
HashAlgorithmComboBox.SelectedIndex = 0;
PasswordTextBox.MouseEnter += PasswordTextBox_MouseEnter;
BasicButton_Click(this, null);
}
private void PasswordTextBox_MouseEnter(object sender, EventArgs e)
{
ToolTip tt = new ToolTip()
{
InitialDelay = 250,
ShowAlways = true
};
tt.SetToolTip(PasswordTextBox, "If you create a password that is secured by"
+ " a password, the certificate cannot be loaded by the SDK directly after"
+ " checking the configuration\nbecause there is no specified way to store "
+ " the password within the configuration.\n"
+ "You have to load the certificate directly in the code.");
}