展示如何生成密钥和证书签名请求。
This example shows how client applications can generate their own self-signed certificate or generate a certificate signing request.
At first, an RSA key is generated:
QOpcUaKeyPair key; key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits2048);
The private key can be saved to a file for further usage:
QByteArray keyData = key.privateKeyToByteArray(QOpcUaKeyPair::Cipher::Unencrypted, QString()); QFile keyFile(u"privateKey.pem"_s); keyFile.open(QFile::WriteOnly); keyFile.write(keyData); keyFile.close();
Next, a certificate signing request is created. It is also necessary to set the subject of the certificate and add all the extensions needed for OPC UA.
QOpcUaX509CertificateSigningRequest csr; // Set the subject of the certificate QOpcUaX509DistinguishedName dn; dn.setEntry(QOpcUaX509DistinguishedName::Type::CommonName, u"QtOpcUaViewer"_s); dn.setEntry(QOpcUaX509DistinguishedName::Type::CountryName, u"DE"_s); dn.setEntry(QOpcUaX509DistinguishedName::Type::LocalityName, u"Berlin"_s); dn.setEntry(QOpcUaX509DistinguishedName::Type::StateOrProvinceName, u"Berlin"_s); dn.setEntry(QOpcUaX509DistinguishedName::Type::OrganizationName, u"The Qt Company"_s); csr.setSubject(dn);
Now there are two options:
1. When you need to get your certificate signing request signed by a certificate authority, you have to use the request data.
QByteArray certificateSigningRequestData = csr.createRequest(key);
2. When there is no certificate authority, you have to self-sign the request.
QByteArray selfSignedCertificateData = csr.createSelfSignedCertificate(key);
文件: