Internal version number: 5.71

Key changes:

• UA Administration & PKI

Targeting

• .NET runtimes: Added support for .NET 7.
• .NET runtimes: Removed support for .NET Core 3.1.

Component Improvements

OPC UA Client-Server

• When the effective endpoint selection policy only allows connection with no message security, the client instance certificate is not used when creating the OPC UA session.

OPC UA Administration and PKI

• Created a new object, CertificateGenerationParameters, with settings that influence how the certificates are generated. You can set the maximum expiration date, minimum key size, and/or the validity period in months. For creation of application instance certificates, these parameters can be changed in the new InstanceCertificateGenerationParameters property of the UAClientServerApplicationParameters object.
• The auto-generation of client instance certificate is now skipped when the effective endpoint selection policy only allows connections with no message security.
• The IEasyUAApplication.RemoveOwnCertificate method now takes an additional boolean argument, specifying whether the certificate must be present in the certificate store. An extension method without the additional argument is also available.
• Changed return type of the IEasyUAApplication.RemoveOwnCertificate method from void to Boolean. The return value indicates whether the certificate has been removed.
• When the application instance certificate is removed, its copies in the trusted peers certificate store, if any, are now removed as well.
• It is now possible to specify the default format of the application URI (which is used unless the application URI string is specified in the application manifest). The format can be set in the UAClientServerApplicationParameters.ApplicationUriTemplateString property. See OPC UA Application URI Derivation for the template syntax, and more details about how the application URI is determined.
• Added CreateOwnCertificate method to the IEasyUAApplication interface. The method creates the instance certificate the application is currently configured to use. It is possible to specify whether the instance certificate must not be present prior to the operation, or whether the operation will be able to replace it.
• Added ValidateOwnCertificate method to the IEasyUAApplication interface. The method validates the instance certificate the application is currently configured to use.
• Added AutoGenerateInstanceCertificate property to the UAClientServerApplicationParameters object (defaults to true). The property determines whether the application will automatically generate its instance certificate when not present.
• Added ValidateOwnInstanceCertificate property to the UAClientServerApplicationParameters object. The property determines whether the application will validate its own instance certificate before a connection with the other party is established.
• Methods on the IEasyUAApplication interface that work with the application instance certificate now have a new argument, a string certificate sub-id. It allows the OPC UA application to work with multiple own instance certificates (needed in advanced scenarios). The sub-id of the default instance certificate is an empty string. Extensions methods are provided with the certificate sub-id argument omitted.
• Added CertificateSubId property to the UAEndpointDescriptor object. This property allows you to select own application instance certificate which will be used when establishing the connection, in case the application uses multiple own instance certificates (needed in advanced scenarios).
• Added ListCertificateSubIds method to the IEasyUAApplication interface. The method finds certificate sub-ids of all application certificates in the certificate store.
• Added extension method AssureOwnCertificate to the IEasyUAApplication interface. The method assures presence of the instance certificate the application is currently configured to use. If the instance certificate does not exist in the certificate store prior to the operation, the method creates it. Otherwise, the method has not effect.
• Added IEasyUAApplication.RemoveOwnCertificates method (notice the plural in the name), which allows to remove application certificates with sub-ids that conform to the specified pattern (you can use e.g. "*" to remove certificates with any sub-id).
• Allowed easy setting of more attribute values in generated certificate subject names, by adding properties to the UAApplicationManifest class. The new properties are CountryName (for C=), LocationName (for L=), OrganizationName (for O=), OrganizationalUnitName (for OU=), and StateOrProvinceName (for S=).

Component Refactorings

OPC UA Administration and PKI

• The default lifetime of auto-generated application instance certificate is now 60 months (5 years), regardless of whether you target .NET Framework, or .NET 6+. Previously, the default was 600 months (50 years) for .NET Framework, and 12 months (1 year) otherwise.
• The property UAClientServerApplicationParameters.AllowOwnCertificatePrompt has been renamed to AllowUserInteraction and moved to the CertificateGenerationParameters class.
• The method IEasyUAApplication.RemoveInstanceCertificate has been renamed to RemoveOwnCertificate.

Development Productivity

Code Analysis

• When the Visual Studio extension is installed, it provides additional code analysis specifically aimed at the proper usage of QuickOPC APIs, and OPC in general. Affected places are marked up with "squiggles" directly in the code, and also appear as warnings (or other message severities) in the Error List window.

Tools and Online Services

Connectivity Explorer

• Added "Create Instance Certificate" and "Validate Instance Certificate" commands to the root OPC Unified Architecture (Client-Server) connectivity node.

OpcCmd Utility

OPC UA Client-Server

• The command uaClientApplication removeInstanceCertificate has been renamed to removeOwnCertificate.
• The uaClientApplication removeOwnCertificates command now has an additional option, -me|-mustExist <bool>, specifying whether the certificate must be present in the certificate store.
• Added createOwnCertificate and validateOwnCertificate commands to the uaClientApplication command.
• Added option --certificateSubId|-csi <string> to uaClientApplication commands that work with the application instance certificate. The option allows to enter the certificate sub-id, in case the application uses multiple own instance certificates. In some cases there is --certificateSubIdPattern|-csip <string> option instead.
• Added listCertificateSubIds command to the uaClientApplication command. The command finds and displays sub-ids of all application certificates in the certificate store.
• Added option --EndpointCertificateSubId|-ecsi <string> to commands that take OPC UA endpoint descriptor as an input. The option allows to enter the sub-id of the application instance certificate which will be used when establishing the connection.
• Added assureOwnCertificate command to the uaClientApplication command. The command assures presence of the instance certificate the application is currently configured to use.
• Added options to uaClientApplication createOwnCertificate and uaClientApplication validateOwnCertificate commands that allow you to parameterize the operation, such as choosing the minimum key size, or the certificate validity period in months.

All Command-Line Tools

• The .NET build configurations of the command-line tools now target .NET 7.
• In table output, values in columns with data of enumerated types are now automatically colorized, allowing quick visual distinction between the distinct enum values.

Examples

OPC UA Client-Server

• Added C# example showing how to set the validity period of the auto-generated application instance certificate.