Tech Note: 3S Runtime with OPC UA Server

Has anyone successfully created their own certificates using openssl and not CODESYS?
The aim is to add the IP in the SubjectAltName, which is not part of the CODESYS generated certificates (only DNS is provided).

So far, here is what I’ve done:

Create an ssl.conf file:

[ req ]
default_bits = 3072
serial = 0
default_md = sha256
distinguished_name = subject
req_extensions = req_ext
x509_extensions = req_ext
string_mask = utf8only
prompt = no

[ req_ext ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName = URI:urn:PFC2004G:WAGO:WAGO%20750-8217%20PFC200%20G2%202ETH%20RS%204G:OPCUA:Server,DNS: PFC2004G


[ subject ]
#countryName = YOURCOUNTRYCODE
#stateOrProvinceName = YOURSTATE
#localityName = YOURLOCATION
#organizationName = YOURCOMPANYNAMEHERE
commonName = OPCUAServer@PFC2004G

Generate the RSA private key:

openssl genrsa -out key.pem 3072

Generate the certificate for the server:

openssl req -x509 -days 365 -new -key key.pem -out certificate.pem -config ssl.conf

Transform the PEM certificate into DER format:

openssl x509 -outform der -in certificate.pem -out certificate.der

But then when I upload the certificate in the OPC UA Server, even after “Trusting” it in UAExpert, I get a “Bad” error, without more indications…

Any help would be appreciated 🙂
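
For the stated aim of getting the IP into the SubjectAltName, this added example (not part of the original post, and not CODESYS or WAGO tooling) reuses the post's ssl.conf with an `IP:` entry appended, then reads the SAN back from the PEM and DER files to confirm each entry was actually issued. The address 192.0.2.10 and the function names `make_cert`, `san_entries` and `san_has` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. 192.0.2.10 is a constructed placeholder (documentation range);
# substitute the controller's real address.

# make_cert DIR IP: writes DIR/key.pem, DIR/certificate.pem and DIR/certificate.der
make_cert() {
    dir=$1 ip=$2
    cat > "$dir/ssl.conf" <<EOF
[ req ]
default_md = sha256
distinguished_name = subject
x509_extensions = req_ext
string_mask = utf8only
prompt = no

[ req_ext ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = URI:urn:PFC2004G:WAGO:WAGO%20750-8217%20PFC200%20G2%202ETH%20RS%204G:OPCUA:Server,DNS:PFC2004G,IP:$ip

[ subject ]
commonName = OPCUAServer@PFC2004G
EOF
    openssl genrsa -out "$dir/key.pem" 3072 2>/dev/null &&
    openssl req -x509 -days 365 -new -key "$dir/key.pem" \
        -out "$dir/certificate.pem" -config "$dir/ssl.conf" &&
    openssl x509 -outform der -in "$dir/certificate.pem" -out "$dir/certificate.der"
}

# san_entries CERT: prints one SAN entry per line; *.der is read as DER, anything else as PEM
san_entries() {
    case $1 in *.der) form=der ;; *) form=pem ;; esac
    openssl x509 -inform "$form" -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;s/^ *//;p;}' |
        tr ',' '\n' | sed 's/^ *//'
}

# san_has CERT ENTRY: succeeds only on an exact match, e.g. "IP Address:192.0.2.10"
san_has() { san_entries "$1" | grep -Fqx "$2"; }

# Stand-alone run: pass --demo to list the SAN entries of a freshly built DER file
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_cert "$d" 192.0.2.10 && san_entries "$d/certificate.der"
fi
```

OpenSSL prints the IP entry as `IP Address:<addr>`, so that is the string to pass to `san_has` when checking a certificate before uploading it.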