Search code examples
qtclient-certificatesopc-uaqt6

Certificate issues for OPC-UA with Qt wrapper

I'm running the qtopcuaviewer example following these instructions to create the client certificate:

# create a self-signed certificate and private key
openssl req -new -x509  -config opcuaviewer.config -newkey rsa:2048 -keyout opcuaviewer.key -nodes -outform der -out opcuaviewer.der
# install the certificate and key into the application PKI directory
mv opcuaviewer.der /path/to/application/pki/own/certs/opcuaviewer.der
mv opcuaviewer.key /path/to/application/pki/own/private/opcuaviewer.pem
# secure private key file permissions
chmod 600 /path/to/application/pki/own/private/opcuaviewer.pem

Here the warnings I get:

Debug: "Creating PKI path '/home/user/bin/pki/trusted/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/trusted/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/certs': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Debug: "Creating PKI path '/home/user/bin/pki/issuers/crl': SUCCESS." (../opcuaviewer/mainwindow.cpp:399, bool MainWindow::createPkiPath(const QString&))
Warning: No functional TLS backend was found (:0, )
Warning: No TLS backend is available (:0, )
Warning: No client certificate found at "/home/user/bin/pki/own/certs/opcuaviewer.der" . Application identity will be invalid. (:0, )

First issue

The certificate created with the procedure above is there and it has the correct permissions:

$ ls -l /home/user/bin/pki/own/certs/opcuaviewer.der
-rw-rw-r-- 1 user user 1143 Jan 18 14:57 /home/user/bin/pki/own/certs/opcuaviewer.der

Why does it not find it?

Second issue

The warning about TLS should imply there are some missing library for SSL. But ldd tell me nothing wrong and I have the following libraries installed:

$ dpkg -l | grep libssl
ii  libssl-dev:amd64                           1.1.1f-1ubuntu2.8                     amd64        Secure Sockets Layer toolkit - development files
ii  libssl1.1:amd64                            1.1.1f-1ubuntu2.8                     amd64        Secure Sockets Layer toolkit - shared libraries

$ dpkg -l | grep libk5crypto
ii  libk5crypto3:amd64                         1.17-6ubuntu4.1                       amd64        MIT Kerberos runtime libraries - Crypto Library

Is there anything else I need to deploy?

Qt 6.2.0 under Ubuntu 20.04.

Solution

  • You have to deploy the TLS plugin found under:

    qt-path/6.2.0/gcc_64/plugins/tls/

    and it would solve both issues.