Internal version number: 5.71

Key changes:

• UA Administration & PKI

Targeting

• .NET runtimes: Added support for .NET 7.
• .NET runtimes: Removed support for .NET Core 3.1.

Component Improvements

OPC UA Client-Server

• When the effective endpoint selection policy only allows connection with no message security, the client instance certificate is not used when creating the OPC UA session.

OPC UA Administration and PKI

• Created a new object, CertificateGenerationParameters, with settings that influence how the certificates are generated. You can set the maximum expiration date, minimum key size, and/or the validity period in months. For creation of application instance certificates, these parameters can be changed in the new InstanceCertificateGenerationParameters property of the UAClientServerApplicationParameters object.
• The auto-generation of client instance certificate is now skipped when the effective endpoint selection policy only allows connections with no message security.
• The IEasyUAApplication.RemoveOwnCertificate method now takes an additional boolean argument, specifying whether the certificate must be present in the certificate store. An extension method without the additional argument is also available.
• When the application instance certificate is removed, its copies in the trusted peers certificate store, if any, are now removed as well.
• It is now possible to specify the default format of the application URI (which is used unless the application URI string is specified in the application manifest). The format can be set in the UAClientServerApplicationParameters.ApplicationUriTemplateString property. See OPC UA Application URI Derivation for the template syntax, and more details about how the application URI is determined.
• Added CreateInstanceCertificate method to the IEasyUAApplication interface. The method creates the instance certificate the application is currently configured to use. It is possible to specify whether the instance certificate must not be present prior to the operation, or whether the operation will be able to replace it.
• Added ValidateInstanceCertificate method to the IEasyUAApplication interface. The method validates the instance certificate the application is currently configured to use.
• Added AutoGenerateInstanceCertificate property to the UAClientServerApplicationParameters object (defaults to true). The property determines whether the application will automatically generate its instance certificate when not present.
• Added ValidateOwnInstanceCertificate property to the UAClientServerApplicationParameters object. The property determines whether the application will validate its own instance certificate before a connection with the other party is established.
• Methods on the IEasyUAApplication interface that work with the application instance certificate now have a new argument, a string sub-id. It allows the OPC UA application to work with multiple own instance certificates (needed in advanced scenarios). The sub-id of the default instance certificate is an empty string. Extensions methods are provided with the sub-id argument omitted.
• Added CertificateSubId property to the UAEndpointDescriptor object. This property allows you to select own application instance certificate which will be used when establishing the connection, in case the application uses multiple own instance certificates (needed in advanced scenarios).
• Added extension method AssureInstanceCertificate to the IEasyUAApplication interface. The method assures presence of the instance certificate the application is currently configured to use. If the instance certificate does not exist in the certificate store prior to the operation, the method creates it. Otherwise, the method has not effect.

Component Refactorings

OPC UA Administration and PKI

• The default lifetime of auto-generated application instance certificate is now 60 months (5 years), regardless of whether you target .NET Framework, or .NET 6+. Previously, the default was 600 months (50 years) for .NET Framework, and 12 months (1 year) otherwise.
• The property UAClientServerApplicationParameters.AllowOwnCertificatePrompt has been renamed to AllowUserInteraction and moved to the CertificateGenerationParameters class.

Development Productivity

Code Analysis

• When the Visual Studio extension is installed, it provides additional code analysis specifically aimed at the proper usage of QuickOPC APIs, and OPC in general. Affected places are marked up with "squiggles" directly in the code, and also appear as warnings (or other message severities) in the Error List window.

Tools and Online Services

Connectivity Explorer

• Added "Create Instance Certificate" and "Validate Instance Certificate" commands to the root OPC Unified Architecture (Client-Server) connectivity node.

OpcCmd Utility

OPC UA Client-Server

• The uaClientApplication removeInstanceCertificate command now has an additional option, -me|-mustExist <bool>, specifying whether the certificate must be present in the certificate store.
• Added createInstanceCertificate and validateInstanceCertificate commands to the uaClientApplication command.
• Added option --subId|-si <string> to uaClientApplication commands that work with the application instance certificate. The option allows to enter the certificate sub-id, in case the application uses multiple own instance certificates.
• Added option --EndpointCertificateSubId|-ecsi <string> to commands that take OPC UA endpoint descriptor as an input. The option allows to enter the sub-id of the application instance certificate which will be used when establishing the connection.
• Added assureInstanceCertificate command to the uaClientApplication command. The command assures presence of the instance certificate the application is currently configured to use.

All Command-Line Tools

• The .NET build configurations of the command-line tools now target .NET 7.
• In table output, values in columns with data of enumerated types are now automatically colorized, allowing quick visual distinction between the distinct enum values.

Examples

OPC UA Client-Server

• Added C# example showing how to set the validity period of the auto-generated application instance certificate.