Closed eoursel closed 8 years ago
@eoursel. Martin, who wrote the script, is currently on vacation, but will have a look when he returns in 2 weeks' time.
@eoursel sorry I can't repro this here on Ubuntu 16.04. Please check this:
i) there should not be a password set on the private key. Just hit return twice.
ii) rename or delete the ./OPC Foundation/ folder before ./createcert.sh is run to make sure there are only the new certs in the CertificateStore.
If it still doesn't work could you send me the failing .der & .pfx certs?
@mregen you are right, that's the password of the private key. I would recommend adding the option -passout, like
openssl pkcs12 -export -in cert.pem -inkey cert.key -out $MYHOSTNAME.pfx -nodes -passout pass:
in order to avoid entering a password. As a matter of fact, I would try to automate the creation of a docker container with the UA server and it's a mandatory requirement to have a completely automated script with no operator interaction.
Anyway, there is at least a cyber security issue if we can't use a private key protected by a password to start a server. OK, I know that the TPM library @barnstee mentioned is certainly a clever solution.
Regards
Eric
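The prompt-free certificate step suggested in the comment above, as an added example that is not part of the thread and not the project's createcert.sh. The self-signed `openssl req` step, the function names and the host name used to call it are assumptions; because the empty export password leaves the private key unencrypted, the sketch creates every file under `umask 077`.

```shell
#!/bin/sh
# Added example: not the project's createcert.sh.

# make_pfx DIR HOSTNAME: create a self-signed certificate and an
# empty-password PFX in DIR without any prompt; print the PFX path.
make_pfx() {
    dir=$1
    MYHOSTNAME=$2
    (
        umask 077    # key material readable by its owner only
        mkdir -p "$dir" && cd "$dir" || exit 1
        # -nodes: leave cert.key unencrypted, so no pass phrase prompt
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$MYHOSTNAME" \
            -keyout cert.key -out cert.pem 2>/dev/null || exit 1
        # -passout pass: supplies an empty export password, so no prompt
        openssl pkcs12 -export -in cert.pem -inkey cert.key \
            -out "$MYHOSTNAME.pfx" -passout pass: || exit 1
    ) || return 1
    printf '%s\n' "$dir/$MYHOSTNAME.pfx"
}

# pfx_opens FILE PASSWORD: succeed if FILE's MAC verifies with PASSWORD.
pfx_opens() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# file_mode FILE: print the permission string, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}
```

Calling `make_pfx ./certs "$(hostname)"` and then `pfx_opens` with an empty password confirms the file loads without operator input before it is copied into a container image.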
@eoursel Thanks, good point, I will fix the scripts. The scripts are only meant to be used to run the samples, not in production. For the pw support for the private keys we should have a feature request to make sure it is properly supported if required.
There is an issue with the certificate generated with createcert.sh on Ubuntu 16.04 while the certificate generated by OPC CertificateGenerator (generated on Windows and copied to the Linux host) is fine and accepted by the server. Find below the trace file.