From 8d9ca6e1e18d8b429c30e3e30828bb41c6b26c5c Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Wed, 18 Feb 2026 09:48:51 +0100 Subject: Add aes256_anon test, expand readme certificate section Create test configs for SignAndEncrypt / Aes256_Sha256_RsaPss with anonymous auth. Expand the readme certificate section with an identity table and clearer trust store explanation. --- readme.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'readme.md') diff --git a/readme.md b/readme.md index c524bc2..6011d40 100644 --- a/readme.md +++ b/readme.md @@ -28,8 +28,11 @@ cd opcua_c The programs use TLS certificates for mutual authentication. ServerLDS and ServerRegister can also run without certificates (SecurityPolicy#None only) by omitting the `certificate`, `privateKey`, and `trustStore` keys from their -config files. For encrypted operation, four identities are needed — run these -from the project root: +config files. + +For encrypted operation, four identities are needed. Each call to +`tools/generate_certificate.sh` creates a self-signed RSA-2048 certificate +(`_cert.der`) and private key (`_key.der`) in the given directory: ```sh tools/generate_certificate.sh certs ServerLDS 
@@ -38,10 +41,18 @@ tools/generate_certificate.sh certs ServerRegisterClient tools/generate_certificate.sh certs ClientFindServers ``` +| Identity | Used by | Purpose | +|----------|---------|---------| +| `ServerLDS` | ServerLDS | Server certificate for the LDS | +| `ServerRegister` | ServerRegister | Server certificate for the registering server | +| `ServerRegisterClient` | ServerRegister | Client certificate used when connecting to the LDS | +| `ClientFindServers` | Client | Client certificate for all client operations | + ### Populate the trust stores -Each program trusts a specific set of peers. Create symlinks to the -certificates in the trust store directories so they can find each other: +OPC UA applications only accept connections from peers whose certificate is in +their trust store. Create the trust store directories and symlink each peer's +certificate: ```sh mkdir -p certs/trust/{server_lds,server_register,server_register_client,client} -- cgit v1.2.3
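Review bot: in the first hunk (`@@ -28,8 +28,11 @@`) the rewritten paragraph drops the "run these from the project root" instruction, yet the commands that follow (`tools/generate_certificate.sh certs ServerLDS`) still use paths relative to the repository root, so a reader who runs them from another directory either gets a "no such file" error or creates `certs/` in the wrong place; keep a working-directory sentence such as "Run these from the project root:" directly before the fence. Two smaller points on the same hunk: the unchanged context line "The programs use TLS certificates for mutual authentication." is inaccurate for OPC UA, whose opc.tcp transport protects the channel with the OPC UA Secure Conversation rather than TLS, so "X.509 certificates" is the better term; and since the paragraph now documents that a private key is written to `_key.der`, it should also say whether that file is stored unencrypted and, if so, advise restricting its permissions (for example `chmod 600 certs/*_key.der`).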
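Review bot: in the second hunk (`@@ -38,10 +41,18 @@`) the new sentence "OPC UA applications only accept connections from peers whose certificate is in their trust store" is stated unconditionally, but the section just above says ServerLDS and ServerRegister can run without a `trustStore` key at all (SecurityPolicy#None only), in which case no peer certificate is checked; qualify it, e.g. "When a `trustStore` is configured, a program only accepts peers whose certificate is in it." Because the certificates are self-signed, it is also worth stating that it is the peer's own `_cert.der` that goes into the trust store, not an issuer certificate. Finally, the identity table is a good addition, but the mapping of which certificate is symlinked into which of the four `certs/trust/*` directories is not visible in this hunk; a fourth table column ("Trusted by") or one line per directory next to the table would make the table self-contained, especially for ServerRegister, which the table now shows holding two identities and therefore two trust stores.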