Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

EasyOpc Client directory Certificate Store

More
08 Jun 2023 16:30 #11802 by samirhaj
Hello,

That's correct. I am aware of the directory path configuration. My EasyUA version is 5.61.

Thanks, the link you sent helped to find the properties. TrustedPeers, TrustedIssuer and Rejected Certificate stores properties are under CertificateAcceptancePolicy as mentioned in the link as well. However, ApplicationCertificateStore is under ApplicationParameters property that can be reached in this way;

EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore = "...";


Best regards.

Please Log in or Create an account to join the conversation.

More
08 Jun 2023 08:27 #11796 by support
Hello.
Which QuickOPC version are you actually using?

Before the "application manifest" object was introduced, the proeprties were still there, just named&located differently. The way it has changed is explained here: kb.opclabs.com/What%27s_new_in_QuickOPC_2021.1#OPC_UA .

The semantics has not changed at all. You could never safely put in relative paths, something like in your example "InstanceOwnStorePath = "Machine Default"". You should use absolute paths; in them, you can use replacement symbols; and what you are looking for is the %LocalFolder% replacement symbol, which will give you the path to the folder of the currently running executable. So, you probably need to set the cert store paths to something like:
  • application certificate store = "%LocalFolder%/OPC Foundation/CertificateStores/MachineDefault".
  • rejected certificate store = "%LocalFolder%/OPC Foundation/CertificateStores/RejectedCertificates".
  • trusted issuers certificate store = "%LocalFolder%/OPC Foundation/CertificateStores/UA Certificate Authorities".
  • trusted peers certificate store = "%LocalFolder%/OPC Foundation/CertificateStores/UA Applications".
Best regards

Please Log in or Create an account to join the conversation.

More
07 Jun 2023 17:17 #11794 by samirhaj
Thanks for prompt reply!

OK, I assume I should for example write like the following;

EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore = "C:\\ProgramFiles\\EKD\\OPC Foundation".
Here EKD is the application folder and I want EasyUA client to use the Certiifcates inside OPC Foundation folder in the path above. Inside the OPC Foundation folder I have the following folder structure in place:

You do not have permissions to access this page.


Now the question is whether this structure is good enough to give the directory path at the folder "OPC Foundation" level or do we need to give the path to the inner folders; "Machine Default", "UA Applications" and "RejectedCertificates" folders? If the latter is the answer, then I do not have specifics of the certificates in the property in the EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore. Because in the newer version after 2022.2 I see that you can specify each certificates like below;

SharedParameters->EngineParameters->ApplicationParameters->ApplicationManifest->InstanceOwnStorePath = "Machine Default"
SharedParameters->EngineParameters->ApplicationParameters->ApplicationManifest->InstanceTrustedStorePath = "UA Applications"
SharedParameters->EngineParameters->ApplicationParameters->ApplicationManifest->RejectedStorePath = "RejectedCertificates"

So in the ApplicationManifest there are properties InstanceOwnStorePath, InstanceTrustedStorePath and RejectedStorePath that you can specify individually. How could we do the same with earlier versions that we do not have ApplicationManifest?

Best regards.

Please Log in or Create an account to join the conversation.

More
07 Jun 2023 14:18 #11793 by support
Yes, this is the right place (note that there are other properties alongside it, for other cert stores, too).
We try not to change things for backward compatibility, but this unfortunate part had changed twice.

Best regards

Please Log in or Create an account to join the conversation.

More
07 Jun 2023 13:47 #11792 by samirhaj
Hello,

Thanks for your answer.

The version that we have the license for is not 2022.2 version, so it does not exactly have this option as you said but instead, I could find this
EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore = "string".

In the pop-up where it gives a description of the ApplicationCertificateStore says; "The store containing application instance certificate (or where the application instance certificate will be created)." And expects a string type parameter. Is this where we can configure the certificate stores paths in the earlier version than 2022.2 or is this for some other thing?

Best regards.

Please Log in or Create an account to join the conversation.

More
07 Jun 2023 07:59 #11790 by support
Hello,

please read opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html .

In the current version (2022.2), certificate stores paths can be configured in properties of EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationManifest . In the upcoming version (2023.1), the way how you get to the ApplicationManifest will change, but otherwise the principle will remain (kb.opclabs.com/What%27s_new_in_QuickOPC_2023.1 ).

Best regards

Please Log in or Create an account to join the conversation.

More
06 Jun 2023 17:52 #11787 by samirhaj
Hello,

I am using easyOpc client inside a .Net core application. When running the application, EasyOpc client uses the system Directory Certificate Store in Windows even if I have a local folder with the same structure as it should be for Certificate Store contents in my application directory where .exe is located. Is there a way to configure where the directory Certificate Store to be used by the EasyOpc client?

We do not want to use the system folder of Windows (where it is automatically used as directory Certificate Store) and we want to use local application directory where the .exe of the application is located.

Regards.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.058 seconds