Certificate Generator

Unified Architecture certificates can be generated from the command line using the UA Certificate Generator. The UA Configuration Tool uses this tool internally. The generator's source code is provided with the sample application source code.

Run the following command from the command prompt to display the help text:

Opc.Ua.CertificateGenerator.exe -?

 

The following information is displayed:

-command or -cmd <issue | revoke | unrevoke | install> The action to perform (default = issue).

-storePath or -sp <filepath>                The directory of the certificate store (mandatory, must be writeable).

-applicationName or -an <name>              The name of the application (mandatory).

-applicationUri or -au <uri>                The URI for the appplication (optional).

-subjectName or -sn <DN>                    The distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World).

-organization or -o <name>                  The organization (optional).

-domainNames or -dn <name>,<name>           A list of domain names seperated by commas (optional)

-password or -pw <password>                 The password for the new private key file (optional).

-issuerKeyFilePath or -ikf <filepath>       The path to the issuer private key file (optional).

-issuerKeyPassword or -ikp <password>       The password for the issuer private key file (optional).

-keySize or -ks  <bits>                     The size of key as a multiple of 1024 (default = 1024).

-lifetimeInMonths or -lm <months>           The lifetime in months (default = 60).

-publicKeyFilePath or -pbf <filepath>       The path to the certificate to renew or revoke (a DER file).

-privateKeyFilePath or -pvf <filepath>      The path to an existing private key to reuse or convert.

-privateKeyPassword or -pvp <password>      The password for the private key.

-reuseKey or -rk <true | false>             Whether to reuse an existing public key (default = false).

-ca <true | false>                          Whether to create a CA certificate (default = false).

-pem <true | false>                         Whether to output in the PEM format (default = PFX).

  

Examples

Create a self-signed Application Certificate: -cmd issue -sp . -sn MyApp

Create a CA Certificate: -cmd issue -sp . -an MyCA -ca true

Issue an Application Certificate: -cmd issue -sp . -an MyApp -ikf CaKeyFile -ikp CaPassword

Renew a Certificate: -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword

Revoke a Certificate: -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword

Unrevoke a Certificate: -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile -ikp CaPassword

Convert key format: -cmd convert true -pw newpassword -pvf MyKeyFile -pvp oldpassword -pem true
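An added example, not part of the generator or its sample source: a small Python check that reads generator argument strings (for instance, collected from build or deployment scripts) and reports invocations that fall back to the 1024-bit default key size or pass a key-file password on the command line. The option names come from the help text above; the 2048-bit floor, the function names and the sample lines are assumptions made for this example.

```python
import shlex

# Short-to-long option names, copied from the help text above.
ALIASES = {"-cmd": "-command", "-ks": "-keySize", "-rk": "-reuseKey",
           "-pw": "-password", "-ikp": "-issuerKeyPassword",
           "-pvp": "-privateKeyPassword"}
PASSWORD_OPTS = ("-password", "-issuerKeyPassword", "-privateKeyPassword")
MIN_KEY_BITS = 2048  # assumption: local policy floor, not a tool setting


def parse_options(arg_line):
    """Return {option name: value} for one generator argument string."""
    tokens = shlex.split(arg_line, posix=False)  # posix=False keeps backslashes
    opts = {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue  # a value, already consumed with its option
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        opts[ALIASES.get(tok, tok)] = "" if nxt.startswith("-") else nxt
    return opts


def audit(arg_line):
    """Return a list of findings for one invocation (empty list = clean)."""
    opts = parse_options(arg_line)
    findings = []
    issuing = opts.get("-command", "issue") == "issue"  # issue is the default
    reusing = opts.get("-reuseKey", "false").lower() == "true"
    if issuing and not reusing:
        size = opts.get("-keySize")
        if size is None:
            findings.append("key size not set: tool default is 1024 bits")
        else:
            bits = int(size) if size.isdigit() else 0
            if bits < MIN_KEY_BITS or bits % 1024:
                findings.append(f"key size {size!r} is below {MIN_KEY_BITS} "
                                "or not a multiple of 1024")
    for name in PASSWORD_OPTS:
        if name in opts:  # the value ends up in scripts and process listings
            findings.append(f"{name} given on the command line")
    return findings


# Constructed sample: argument strings as they might appear in a script.
SAMPLE = [
    "-cmd issue -sp . -an MyCA -ca true",
    "-cmd issue -sp . -an MyApp -ks 2048 -ikf CaKeyFile -ikp CaPassword",
    "-cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", audit(line) or "ok")
```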