X509 certificate creation issue
I have this method to create the application certificate (it is taken directly from the example). If I enable the commented-out extended key usage block, the certificate creation fails.
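Can anybody tell me why?

// Creates an RSA key pair and a self-signed OPC UA application certificate,
// then stores the private key (PEM) and the certificate (DER) on disk.
// This is the body of a method whose signature is not shown, so failures are
// reported with qWarning() instead of an early return.

// Generate RSA Key
QOpcUaKeyPair key;
key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits2048);

// Save private key to file
// NOTE(review): Cipher::Unencrypted stores the private key in clear text, so
// anyone who can read the file can impersonate this application. Consider
// QOpcUaKeyPair::Cipher::Aes128Cbc with a password if the deployment allows it.
const QByteArray keyData = key.privateKeyToByteArray(QOpcUaKeyPair::Cipher::Unencrypted, nullptr);
Q_ASSERT(!keyData.isEmpty());
QFile keyFile(privateKeyFilePath); // pem
// Q_ASSERT is compiled out in release builds, so the data and the open()
// result are checked explicitly before anything is written.
if (keyData.isEmpty()) {
    qWarning("Private key serialization returned no data; key file not written");
} else if (!keyFile.open(QFile::WriteOnly)) {
    qWarning("Cannot open private key file: %s", qPrintable(keyFile.errorString()));
} else {
    // Narrow the file to its owner before the key material is written, because
    // the default creation mode may leave it readable by other local users.
    if (!keyFile.setPermissions(QFile::ReadOwner | QFile::WriteOwner))
        qWarning("Cannot restrict private key file permissions: %s", qPrintable(keyFile.errorString()));
    if (keyFile.write(keyData) != keyData.size())
        qWarning("Private key file was not written completely: %s", qPrintable(keyFile.errorString()));
    keyFile.close();
}

// Create a certificate signing request
QOpcUaX509CertificateSigningRequest certificateSigningRequest;
certificateSigningRequest.setEncoding(QOpcUaX509CertificateSigningRequest::Encoding::DER);

// Set the subject of the certificate
QOpcUaX509DistinguishedName distinguishedName;
distinguishedName.setEntry(QOpcUaX509DistinguishedName::Type::CommonName, QCoreApplication::applicationName());
distinguishedName.setEntry(QOpcUaX509DistinguishedName::Type::CountryName, CountryName);
distinguishedName.setEntry(QOpcUaX509DistinguishedName::Type::LocalityName, LocalityName);
distinguishedName.setEntry(QOpcUaX509DistinguishedName::Type::StateOrProvinceName, StateOrProvinceName);
distinguishedName.setEntry(QOpcUaX509DistinguishedName::Type::OrganizationName, OrganizationName);
certificateSigningRequest.setSubject(distinguishedName);

// The subject alternative name extension is needed for OPC UA
QOpcUaX509ExtensionSubjectAlternativeName* subjectAlternativeName = new QOpcUaX509ExtensionSubjectAlternativeName;
//subjectAlternativeName->addEntry(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, DNS);
subjectAlternativeName->addEntry(QOpcUaX509ExtensionSubjectAlternativeName::Type::DNS, QHostInfo::localHostName());
subjectAlternativeName->addEntry(QOpcUaX509ExtensionSubjectAlternativeName::Type::URI, getApplicationUri());
subjectAlternativeName->setCritical(false);
certificateSigningRequest.addExtension(subjectAlternativeName);

// Set the certificate basic constraints
QOpcUaX509ExtensionBasicConstraints* basicConstraints = new QOpcUaX509ExtensionBasicConstraints;
basicConstraints->setCa(false);
basicConstraints->setCritical(false);
certificateSigningRequest.addExtension(basicConstraints);

// Set the key usage constraints
// NOTE(review): CertificateSigning is requested although the basic constraints
// above say CA=false, and both extensions are non-critical. Confirm that the
// peers validating this certificate accept that combination.
QOpcUaX509ExtensionKeyUsage* keyUsage = new QOpcUaX509ExtensionKeyUsage;
keyUsage->setCritical(false);
keyUsage->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DigitalSignature);
keyUsage->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation);
keyUsage->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment);
keyUsage->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment);
keyUsage->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning);
certificateSigningRequest.addExtension(keyUsage);

// Extended key usage block that makes the creation fail when enabled:
// QOpcUaX509ExtensionExtendedKeyUsage* extendedKeyUsage = new QOpcUaX509ExtensionExtendedKeyUsage;
// extendedKeyUsage->setCritical(false);
// extendedKeyUsage->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebServerAuthentication);
// extendedKeyUsage->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebClientAuthentication);
// certificateSigningRequest.addExtension(extendedKeyUsage);

// NOTE(review): 12000 days is roughly 33 years. A certificate that long-lived is
// hard to retire if the unencrypted key leaks, so plan for renewal or a shorter lifetime.
const QByteArray selfSignedCertificateData = certificateSigningRequest.createSelfSignedCertificate(key, 12000/*days*/);
Q_ASSERT(!selfSignedCertificateData.isEmpty());
QFile certificateFile(certificateFilePath); // der
// Same explicit checks as for the key: an empty result means creation failed,
// and release builds would otherwise write an empty certificate file silently.
if (selfSignedCertificateData.isEmpty()) {
    qWarning("Self-signed certificate creation returned no data; certificate file not written");
} else if (!certificateFile.open(QFile::WriteOnly)) {
    qWarning("Cannot open certificate file: %s", qPrintable(certificateFile.errorString()));
} else {
    if (certificateFile.write(selfSignedCertificateData) != selfSignedCertificateData.size())
        qWarning("Certificate file was not written completely: %s", qPrintable(certificateFile.errorString()));
    certificateFile.close();
}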