path: root/readme.md
author: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 09:48:51 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 09:48:51 +0100
commit: 8d9ca6e1e18d8b429c30e3e30828bb41c6b26c5c
tree: 6c6c5923d2ba1fa5f4e365eaaaf3e4b534e99859 /readme.md
parent: d8a7d51ba3ecdd0592d4b562d74cc7b56c99ead9
download: BobinkCOpcUa-8d9ca6e1e18d8b429c30e3e30828bb41c6b26c5c.tar.gz, BobinkCOpcUa-8d9ca6e1e18d8b429c30e3e30828bb41c6b26c5c.zip
Add aes256_anon test, expand readme certificate section
Create test configs for SignAndEncrypt / Aes256_Sha256_RsaPss with anonymous auth. Expand the readme certificate section with an identity table and clearer trust store explanation.
Diffstat (limited to 'readme.md')
-rw-r--r--  readme.md  19
1 files changed, 15 insertions, 4 deletions
diff --git a/readme.md b/readme.md
index c524bc2..6011d40 100644
--- a/readme.md
+++ b/readme.md
@@ -28,8 +28,11 @@ cd opcua_c
The programs use TLS certificates for mutual authentication. ServerLDS and
ServerRegister can also run without certificates (SecurityPolicy#None only) by
omitting the `certificate`, `privateKey`, and `trustStore` keys from their
-config files. For encrypted operation, four identities are needed — run these
-from the project root:
+config files.
+
+For encrypted operation, four identities are needed. Each call to
+`tools/generate_certificate.sh` creates a self-signed RSA-2048 certificate
+(`<name>_cert.der`) and private key (`<name>_key.der`) in the given directory:
```sh
tools/generate_certificate.sh certs ServerLDS
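Review bot: the new paragraph correctly describes the generated files as self-signed RSA-2048 certificates, but the unchanged lead sentence of this section still calls them "TLS certificates for mutual authentication". OPC UA over opc.tcp does not use TLS; these are X.509 application instance certificates consumed by the OPC UA secure channel, so the sentence should say that (and "mutual authentication" is only true for policies that actually sign or encrypt, which the SecurityPolicy#None exception in the same paragraph already hints at). Since the commit adds an Aes256_Sha256_RsaPss test config, it would also help to state here that RSA-2048 meets that policy's minimum key size, and whether `tools/generate_certificate.sh` puts the application URI into the certificate's subjectAltName, because OPC UA peers check that URI against the ApplicationDescription and a mismatch is a common reason a freshly generated self-signed certificate is rejected.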
@@ -38,10 +41,18 @@ tools/generate_certificate.sh certs ServerRegisterClient
tools/generate_certificate.sh certs ClientFindServers
```
+| Identity | Used by | Purpose |
+|----------|---------|---------|
+| `ServerLDS` | ServerLDS | Server certificate for the LDS |
+| `ServerRegister` | ServerRegister | Server certificate for the registering server |
+| `ServerRegisterClient` | ServerRegister | Client certificate used when connecting to the LDS |
+| `ClientFindServers` | Client | Client certificate for all client operations |
+
### Populate the trust stores
-Each program trusts a specific set of peers. Create symlinks to the
-certificates in the trust store directories so they can find each other:
+OPC UA applications only accept connections from peers whose certificate is in
+their trust store. Create the trust store directories and symlink each peer's
+certificate:
```sh
mkdir -p certs/trust/{server_lds,server_register,server_register_client,client}
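Review bot: the replacement sentence "OPC UA applications only accept connections from peers whose certificate is in their trust store" is stated unconditionally, but the paragraph above in this same file says ServerLDS and ServerRegister can run with no trust store at all under SecurityPolicy#None; qualify it to the secure policies ("For any policy other than None, ..."). Two smaller points: the table's "Used by" column names programs (ServerLDS, ServerRegister) except for the last row, which just says "Client", so either use the client program's actual name or explain the mismatch; and since the table shows ServerRegister presenting `ServerRegisterClient` when it connects to the LDS, the trust-store text should say explicitly that the LDS trust store must hold the `ServerRegisterClient` certificate rather than `ServerRegister`, which is the mistake readers will most likely make. Finally, `mkdir -p certs/trust/{server_lds,server_register,server_register_client,client}` relies on brace expansion, which is not POSIX sh; under a fence labelled `sh` it will create a single literal directory on dash, so either label the block `bash` or spell out the four paths.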