GitHub user dsdbusch added a comment to the discussion: Use certificate /
encrypted communication using OPC UA Adapter
keytool gives the following output:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: 1
Creation date: Jan 17, 2025
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=industream, O=DSD Automation, L=Trier, C=DE
Issuer: CN=industream, O=DSD Automation, L=Trier, C=DE
Serial number: 3da4911ce0b242eb
Valid from: Thu Jan 16 15:28:37 UTC 2025 until: Fri Jan 16 15:28:37 UTC 2026
Certificate fingerprints:
SHA1: 14:48:9B:62:48:D1:AA:01:DF:21:A6:89:60:C7:16:91:ED:DF:37:2E
SHA256:
59:77:D6:DC:06:61:35:80:7B:24:40:0A:29:40:74:68:13:9B:4D:77:7B:12:B5:85:5B:03:47:A6:24:E5:81:EE
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Key_CertSign
]
#4: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: PC-BU
DNSName: localhost
IPAddress: 127.0.0.1
URIName: urn:PC-BU:dsd-automation.industream
]
*******************************************
*******************************************
Added - SP_OPCUA_KEYSTORE_ALIAS=1
It worked for me - BUT:
The opc-server's certificate (.der) had to be added MANUALLY to
pki/trusted/certs
The opc-server shows as expected my generated certificate as untrusted and i
had to add it to the trusted ones (as expected - alternatively i could add my
certificate as a .der-file directly to the opc-servers trusted store
Thank you for your support!
GitHub link:
https://github.com/apache/streampipes/discussions/3423#discussioncomment-11864593
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
