So for my other usecase, I'm building things that if I start the software and the cert file is missing, it generates one and stored it in that location. A user can however put his own cert in that location, it gets picked up and no cert is generated. Pegasus that helps? In the profinet drivers we also access files in standard, but configurable locations.
Chris Gesendet von Outlook für Android<https://aka.ms/AAb9ysg> ________________________________ From: Łukasz Dywicki <l...@code-house.org> Sent: Wednesday, October 30, 2024 11:39:58 AM To: dev@plc4x.apache.org <dev@plc4x.apache.org> Subject: Re: Self signed certificates We do have this functionality. Thing is - the self signed cert is generated each time when user does not provide it and connection is made. [1] Most of OPC UA servers will retain attempted client certificates in "rejected" directory, but even if you move it to trusted, the next connection made by plc4x will ship another certificate. So the only one way is to store client certificate on our end and keep using it. Doing it on behalf of user (storing cert somewhere) is doable, but opens us in another set of troubles like expiry of the certificate. Best, Łukasz [1] https://github.com/apache/plc4x/blob/v0.12.0/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/OpcuaDriverContext.java#L83 On 30.10.2024 09:25, Christofer Dutz wrote: > Hi all, > > I followed the trouble in the OPC-UA driver with the certificates … in a > different part of my work I’m dealing with a similar problem. > As I know that creating a self-signed certificate, even with your > documentation, will still probably scare 80% of OT-folks out there, possibly > what I have been working on would also be interesting for us here? > In my experiment I’m using the bouncy-castle libs to auto generate > self-signed certificates in pure java. > So how about adding such a feature to the opc-ua driver? > A feature that auto-generates a certificate that fits for communicating with > the remote PLC, if none is provided. > > Chris >
