... | ... | @@ -87,14 +87,14 @@ Note 2: Trusted intermediate CAs may also be defined as root CA in this configur |
|
|
<ServerCertificate path="/certs/server/my_server_cert.der"/>
|
|
|
<ServerKey path="/cert/server/my_server_key/my_server_key.pem" encrypted=true/> <!-- encrypted=true to specify if the server private key is encrypted with AES-256-CBC-->
|
|
|
<TrustedIssuers>
|
|
|
<TrustedIssuer root="true" cert_path="/certs/PKI/trusted/rootCA.der"
|
|
|
<TrustedIssuer root="true" cert_path="/certs/PKI/trusted/rootCA.der"
|
|
|
revocation_list_path="/certs/PKI/revoked/rootCRL.der"/>
|
|
|
</TrustedIssuers>
|
|
|
<UntrustedIssuers>
|
|
|
<!-- Intermediate CAs shall be provided in the order child to parent -->
|
|
|
<UntrustedIssuer root="false" cert_path="/certs/PKI/trusted/child2CA.der"
|
|
|
<UntrustedIssuer root="false" cert_path="/certs/PKI/trusted/child2CA.der"
|
|
|
revocation_list_path="/certs/PKI/revoked/child2CRL.der"/>
|
|
|
<UntrustedIssuer root="false" cert_path="/certs/PKI/trusted/child1CA.der"
|
|
|
<UntrustedIssuer root="false" cert_path="/certs/PKI/trusted/child1CA.der"
|
|
|
revocation_list_path="/certs/PKI/revoked/child1CRL.der"/>
|
|
|
</UntrustedIssuers>
|
|
|
<IssuedCertificates>
|
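Review bot: The `ServerKey` line writes `encrypted=true` without quotes, which is not well-formed XML, so anyone copying this example into a configuration file will get a parse error; it should read `encrypted="true"`. On the same line the path starts with `/cert/server/` while `ServerCertificate` just above uses `/certs/server/`; if that is not intentional, align the two. The inline comment also says the key is encrypted with AES-256-CBC only, while the text further down lists AES-128 and AES-192 variants as supported, so the comment should either list them or point to that section.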
... | ... | @@ -124,5 +124,11 @@ The following files shall be adapted: |
|
|
|
|
|
Once modification done, the script “generate_certs.sh” should be called and the new certificate and keys are generated.
|
|
|
|
|
|
Private keys are encrypted using the AES-256 CBC algorithm. During execution of the script `generate_certs.sh`, passwords will be requested in an interactive and secure way from a terminal to encrypt the keys.
|
|
|
As explain in [Demo](/demo) you can adapt the script `generate_certs.sh` to change the encryption algorithm with one that is supported by S2OPC:
|
|
|
- AES-128, AES-128-CBC
|
|
|
- AES-192, AES-192-CBC
|
|
|
- AES-256, AES-256-CBC
|
|
|
|
|
|
![Analytics](https://systerel-ga-beacon.appspot.com/UA-1802741-3/wiki/home?pixel&useReferer)
|
|
|
![Matomo](https://analytics.systerel.fr/matomo.php?idsite=5&rec=1&action_name=wiki/certificates+configuration) |
|
|
\ No newline at end of file |
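Review bot: The new paragraph on encrypted private keys says passwords are requested interactively when `generate_certs.sh` runs, but it does not say how the password is supplied later when the server loads the key marked `encrypted=true` in the configuration; a sentence or a link covering that would close the gap. In the list of supported algorithms, entries such as "AES-128, AES-128-CBC" do not say whether these are two names for the same cipher or two distinct options, so state the mode for the short names. Smaller points: "As explain in" should be "As explained in", "Once modification done" should be "Once the modifications are done", and the file ends without a trailing newline.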