causes the certificate to be loaded without proper keyset for encrypt/decrypt.
A call to GetRSAPrivateKey throws exception. Encryption and signing will not work.
To Reproduce
In your code, calling Find or Update before LoadPrivateKey causes the cert to have an invalid KeySet.
A call to GetRSAPrivateKey throws an exception. Encryption and signing will not work.
Expected behavior
API is able to load private key even if calls are not in the right order.
Code snippets
At this time, known working pseudo code:
// declared here so the snippet is self-contained (type from System.Security.Cryptography.X509Certificates)
X509Certificate2 certificate = null;
// reload the application certificate with private key, if it is there
// note: do not change this sequence, or the private key is not properly loaded on some platforms
if (await applicationConfiguration.SecurityConfiguration.ApplicationCertificate.LoadPrivateKey(null).ConfigureAwait(false) != null)
{
    // update certificate with private key
    certificate = await applicationConfiguration.SecurityConfiguration.ApplicationCertificate.Find(true).ConfigureAwait(false);
}
// create a self signed certificate if there is none
if (certificate == null)
{
    certificate = CertificateFactory.CreateCertificate(
        applicationConfiguration.SecurityConfiguration.ApplicationCertificate.StoreType,
        applicationConfiguration.SecurityConfiguration.ApplicationCertificate.StorePath,
        null,
        applicationConfiguration.ApplicationUri,
        applicationConfiguration.ApplicationName,
        applicationConfiguration.ApplicationName,
        null,
        CertificateFactory.DefaultKeySize,
        DateTime.UtcNow - TimeSpan.FromDays(1),
        CertificateFactory.DefaultLifeTime,
        CertificateFactory.DefaultHashSize,
        false,
        null,
        null
    );
    // reload the certificate from disk.
    certificate = await applicationConfiguration.SecurityConfiguration.ApplicationCertificate.LoadPrivateKey(null).ConfigureAwait(false);
    if (certificate == null)
    {
        throw new Exception("OPC UA application certificate can not be loaded from disk!");
    }
    else
    {
        // update certificate with private key
        certificate = await applicationConfiguration.SecurityConfiguration.ApplicationCertificate.Find(true).ConfigureAwait(false);
    }
}
// update security information
await applicationConfiguration.CertificateValidator.Update(applicationConfiguration.SecurityConfiguration).ConfigureAwait(false);
Environment (please complete the following information):
OS: Windows
Development environment: any VS
Runtime: all .NET 4.6.2, .NET Core x.1
OPC Package Release Version 1.4.363.107
Component: Opc.Ua.Core
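
A fail-fast check that can run right after the application certificate is loaded, so an unusable keyset is caught before the first sign or decrypt. This is an added example, not code from the issue or from the OPC UA stack. It uses only .NET base class library calls; `PrivateKeyCheck` and `Probe` are hypothetical names, the certificate in `Main` is constructed for the demonstration, and `CertificateRequest` needs .NET Core 2.0+ or .NET Framework 4.7.2+.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PrivateKeyCheck // hypothetical helper, not part of Opc.Ua.Core
{
    // Returns null when the private key is usable, otherwise the reason it is not.
    public static string Probe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key attached";
        try
        {
            using (RSA priv = cert.GetRSAPrivateKey())
            using (RSA pub = cert.GetRSAPublicKey())
            {
                if (priv == null || pub == null) return "not an RSA key pair";
                byte[] probe = { 0x4f, 0x50, 0x43 }; // constructed test bytes
                // Signing path: sign with the private key, verify with the public key.
                byte[] sig = priv.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                if (!pub.VerifyData(probe, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                    return "signature does not verify against the certificate";
                // Encryption path: a key that can sign may still fail to decrypt.
                byte[] dec = priv.Decrypt(pub.Encrypt(probe, RSAEncryptionPadding.OaepSHA1),
                                          RSAEncryptionPadding.OaepSHA1);
                if (BitConverter.ToString(dec) != BitConverter.ToString(probe))
                    return "decrypt round-trip mismatch";
            }
        }
        catch (CryptographicException e)
        {
            return "private key not usable: " + e.Message;
        }
        return null;
    }

    static void Main()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Constructed Test App", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var withKey = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            using (var publicOnly = new X509Certificate2(withKey.RawData)) // same cert, key stripped
            {
                Console.WriteLine("with key:    " + (Probe(withKey) ?? "usable"));
                Console.WriteLine("public only: " + (Probe(publicOnly) ?? "usable"));
            }
        }
    }
}
```

Calling `Probe` on the certificate returned by the load sequence and refusing to start on a non-null result turns the failure described in this issue into a startup error instead of a runtime one.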
- do not silently recreate a certificate if a matching cert subject is available, enforce manual deletion or replacement
- allow the application cert to be used when expired or not yet valid
- warn in trace if an app cert is loaded without loading the private key
fixes #1162, fixes #1102
Type of Issue
[X] Bug [X] Enhancement [ ] Compliance [ ] Question [ ] Help wanted
Applies only for App certificate in Directory store on Windows:
When the app cert is not loaded through the xml appconfiguration API,
calling
before
causes the certificate to be loaded without proper keyset for encrypt/decrypt.