Unified Architecture certificates can be generated from the command-line using the UA Certificate Generator. The UA Configuration Tool uses this tool internally. Source code is provided with the sample application source-code.
Run the following command from the command-prompt to obtain important help information:
Opc.Ua.CertificateGenerator.exe -?
... the following information will be displayed:
-command or -cmd <issue | revoke | unrevoke | install> The action to perform (default = issue).
-storePath or -sp <filepath> The directory of the certificate store (mandatory, must be writeable).
-applicationName or -an <name> The name of the application (mandatory).
-applicationUri or -au <uri> The URI for the appplication (optional).
-subjectName or -sn <DN> The distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World).
-organization or -o <name> The organization (optional).
-domainNames or -dn <name>,<name> A list of domain names seperated by commas (optional)
-password or -pw <password> The password for the new private key file (optional).
-issuerKeyFilePath or -ikf <filepath> The path to the issuer private key file (optional).
-issuerKeyPassword or -ikp <password> The password for the issuer private key file (optional).
-keySize or -ks <bits> The size of key as a multiple of 1024 (default = 1024).
-lifetimeInMonths or -lm <months> The lifetime in months (default = 60).
-publicKeyFilePath or -pbf <filepath> The path to the certificate to renew or revoke (a DER file).
-privateKeyFilePath or -pvf <filepath> The path to an existing private key to reuse or convert.
-privateKeyPassword or -pvp <password> The password for the private key.
-reuseKey or -rk <true | false> Whether to reuse an existing public key (default = false).
-ca <true | false> Whether to create a CA certificate (default = false).
-pem <true | false> Whether to output in the PEM format (default = PFX).
Create a self-signed Application Certificate: -cmd issue -sp . -sn MyApp
Create a CA Certificate: -cmd issue -sp . -an MyCA -ca true
Issue an Application Certificate: -cmd issue -sp . -an MyApp -ikf CaKeyFile -ikp CaPassword
Renew a Certificate: -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword
Revoke a Certificate: -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword
Unrevoke a Certificate: -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword
Convert key format: -cmd convert true -pw newpassword -pvf MyKeyFile -pvp oldpassword -pem true