/// <summary>
/// Creates a new application instance certificate for the configured application,
/// stores it in the configured certificate store and returns it with its private key.
/// </summary>
/// <remarks>
/// Side effects, in order: any existing application certificate is deleted, the new
/// certificate is written to the configured store, it is also added to the trusted
/// store (via <c>AddToTrustedStore</c>), and the configuration's certificate validator
/// is updated. The order matters: the validator update must see the new certificate.
/// Note that <paramref name="keySize"/> and <paramref name="lifetimeInMonths"/> are
/// passed through unchecked here; any minimum key size or maximum lifetime policy is
/// assumed to be enforced by <c>CertificateFactory.CreateCertificate</c> — TODO confirm.
/// </remarks>
/// <param name="configuration">Application configuration holding the security configuration and application URI/name.</param>
/// <param name="keySize">RSA key size in bits passed to the certificate factory.</param>
/// <param name="lifetimeInMonths">Certificate validity period in months passed to the certificate factory.</param>
/// <returns>The newly created certificate, reloaded from the store with its private key.</returns>
private static X509Certificate2 CreateApplicationInstanceCertificate(
    ApplicationConfiguration configuration,
    ushort keySize,
    ushort lifetimeInMonths)
{
    Utils.Trace(Utils.TraceMasks.Information, "Creating application instance certificate. KeySize={0}, Lifetime={1}", keySize, lifetimeInMonths);

    // delete any existing certificate so the store holds exactly one instance certificate.
    DeleteApplicationInstanceCertificate(configuration);

    CertificateIdentifier id = configuration.SecurityConfiguration.ApplicationCertificate;

    // get the domains from the configuration file; fall back to the local host name
    // when none are configured so the certificate always carries at least one domain.
    // NOTE(review): this mutates the list returned by GetServerDomainNames() — assumes
    // that list is a writable copy; verify against the implementation.
    IList<string> serverDomainNames = configuration.GetServerDomainNames();

    if (serverDomainNames.Count == 0)
    {
        serverDomainNames.Add(System.Net.Dns.GetHostName());
    }

    // ensure the certificate store directory exists.
    if (id.StoreType == CertificateStoreType.Directory)
    {
        Utils.GetAbsoluteDirectoryPath(id.StorePath, true, true, true);
    }

    // create the certificate (the 5th argument is passed as null; its meaning is
    // defined by CertificateFactory.CreateCertificate and not visible here).
    X509Certificate2 certificate = Opc.Ua.CertificateFactory.CreateCertificate(
        id.StoreType,
        id.StorePath,
        configuration.ApplicationUri,
        configuration.ApplicationName,
        null,
        serverDomainNames,
        keySize,
        lifetimeInMonths);

    id.Certificate = certificate;

    // presumably makes the application trust its own freshly created certificate;
    // this is the step that establishes trust in the new certificate — confirm against AddToTrustedStore.
    AddToTrustedStore(configuration, certificate);

    // Disabled block: when enabled it would grant the Run right on the new certificate's
    // private key to the NetworkService, LocalService and LocalSystem identities via
    // DirectoryCertificateStore.SetAccessRules. With it disabled, private key access is
    // left at whatever the store directory's default permissions are.
    /*
    if (id.StoreType == CertificateStoreType.Directory)
    {
        DirectoryCertificateStore store = new DirectoryCertificateStore();
        store.Open(id.StorePath);

        List<ApplicationAccessRule> rules = new List<ApplicationAccessRule>();

        ApplicationAccessRule rule = new ApplicationAccessRule();
        rule.RuleType = AccessControlType.Allow;
        rule.Right = ApplicationAccessRight.Run;
        rule.IdentityName = WellKnownSids.NetworkService;
        rules.Add(rule);

        rule = new ApplicationAccessRule();
        rule.RuleType = AccessControlType.Allow;
        rule.Right = ApplicationAccessRight.Run;
        rule.IdentityName = WellKnownSids.LocalService;
        rules.Add(rule);

        rule = new ApplicationAccessRule();
        rule.RuleType = AccessControlType.Allow;
        rule.Right = ApplicationAccessRight.Run;
        rule.IdentityName = WellKnownSids.LocalSystem;
        rules.Add(rule);

        store.SetAccessRules(certificate.Thumbprint, rules, false);
    }
    */

    // refresh the validator so it picks up the new application certificate.
    configuration.CertificateValidator.Update(configuration.SecurityConfiguration);

    Utils.Trace(Utils.TraceMasks.Information, "Certificate created. Thumbprint={0}", certificate.Thumbprint);

    // reload the certificate from disk (null = no private key password; assumes the
    // store keeps the key unencrypted or handles the password itself — confirm).
    return configuration.SecurityConfiguration.ApplicationCertificate.LoadPrivateKey(null);
}