带有 Qt 包装器的 OPC-UA 的证书问题
Certificate issues for OPC-UA with Qt wrapper
我运行qtopcuaviewerexample following these instructions创建客户端证书:
# create a self-signed certificate and private key
openssl req -new -x509 -config opcuaviewer.config -newkey rsa:2048 -keyout opcuaviewer.key -nodes -outform der -out opcuaviewer.der
# install the certificate and key into the application PKI directory
mv opcuaviewer.der /path/to/application/pki/own/certs/opcuaviewer.der
mv opcuaviewer.key /path/to/application/pki/own/private/opcuaviewer.pem
# secure private key file permissions
chmod 600 /path/to/application/pki/own/private/opcuaviewer.pem
这是我收到的警告:
Debug: "Creating PKI path '/home/user/bin/pki/trusted/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/trusted/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Warning: No functional TLS backend was found (:0, )
Warning: No TLS backend is available (:0, )
Warning: No client certificate found at "/home/user/bin/pki/own/certs/opcuaviewer.der" . Application identity will be invalid. (:0, )
第一期
使用上述过程创建的证书存在并且具有正确的权限:
$ ls -l /home/user/bin/pki/own/certs/opcuaviewer.der
-rw-rw-r-- 1 user user 1143 Jan 18 14:57 /home/user/bin/pki/own/certs/opcuaviewer.der
为什么找不到它?
第二期
关于 TLS 的警告应该暗示缺少一些 SSL 库。但是 ldd 告诉我没有错,我安装了以下库:
$ dpkg -l | grep libssl
ii libssl-dev:amd64 1.1.1f-1ubuntu2.8 amd64 Secure Sockets Layer toolkit - development files
ii libssl1.1:amd64 1.1.1f-1ubuntu2.8 amd64 Secure Sockets Layer toolkit - shared libraries
$ dpkg -l | grep libk5crypto
ii libk5crypto3:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries - Crypto Library
我还需要部署什么吗?
Qt 6.2.0 下 Ubuntu 20.04.
您必须部署在以下位置找到的 TLS 插件:
qt-path/6.2.0/gcc_64/plugins/tls/
它会解决这两个问题。
我运行qtopcuaviewerexample following these instructions创建客户端证书:
# create a self-signed certificate and private key
openssl req -new -x509 -config opcuaviewer.config -newkey rsa:2048 -keyout opcuaviewer.key -nodes -outform der -out opcuaviewer.der
# install the certificate and key into the application PKI directory
mv opcuaviewer.der /path/to/application/pki/own/certs/opcuaviewer.der
mv opcuaviewer.key /path/to/application/pki/own/private/opcuaviewer.pem
# secure private key file permissions
chmod 600 /path/to/application/pki/own/private/opcuaviewer.pem
这是我收到的警告:
Debug: "Creating PKI path '/home/user/bin/pki/trusted/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/trusted/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Warning: No functional TLS backend was found (:0, )
Warning: No TLS backend is available (:0, )
Warning: No client certificate found at "/home/user/bin/pki/own/certs/opcuaviewer.der" . Application identity will be invalid. (:0, )
第一期
使用上述过程创建的证书存在并且具有正确的权限:
$ ls -l /home/user/bin/pki/own/certs/opcuaviewer.der
-rw-rw-r-- 1 user user 1143 Jan 18 14:57 /home/user/bin/pki/own/certs/opcuaviewer.der
为什么找不到它?
第二期
关于 TLS 的警告应该暗示缺少一些 SSL 库。但是 ldd 告诉我没有错,我安装了以下库:
$ dpkg -l | grep libssl
ii libssl-dev:amd64 1.1.1f-1ubuntu2.8 amd64 Secure Sockets Layer toolkit - development files
ii libssl1.1:amd64 1.1.1f-1ubuntu2.8 amd64 Secure Sockets Layer toolkit - shared libraries
$ dpkg -l | grep libk5crypto
ii libk5crypto3:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries - Crypto Library
我还需要部署什么吗?
Qt 6.2.0 下 Ubuntu 20.04.
您必须部署在以下位置找到的 TLS 插件:
qt-path/6.2.0/gcc_64/plugins/tls/
它会解决这两个问题。