TLS Server
Creating a TLS server for outstation instances follows exactly the same process as creating a TCP server,
except that an additional TlsServerConfig
is required. For more details about TLS support and the configuration options,
see the TLS general information page.
Examples
Certificate chain configuration
- Rust
- C
- Java
- C#
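// TLS settings for the outstation listener, CA-chain variant: the peer's
// certificate is validated against a certificate authority rather than
// pinned directly. The relative paths resolve against the process working
// directory; a deployed service is safer with absolute paths.
// `Path::new` already returns a `&Path`, so no extra borrow is needed.
let tls_config = TlsServerConfig::new(
    "test.com", // name expected in the certificate presented by the peer
    Path::new("./certs/ca_chain/ca_cert.pem"), // CA certificate the peer is validated against
    Path::new("./certs/ca_chain/entity2_cert.pem"), // this outstation's own certificate
    Path::new("./certs/ca_chain/entity2_key.pem"), // this outstation's private key
    None, // no password: the key file is unencrypted, so restrict its file permissions
    MinTlsVersion::V1_2, // handshakes below TLS 1.2 are rejected
    CertificateMode::AuthorityBased,
)?;

// 127.0.0.1 is loopback only: fine for a local test, but a deployed
// outstation has to bind the interface its masters actually connect on.
let mut server =
    TcpServer::new_tls_server(LinkErrorMode::Close, "127.0.0.1:20001".parse()?, tls_config);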
dnp3_param_error_t err = DNP3_PARAM_ERROR_OK;
dnp3_tcp_server_t *server = NULL;

// TLS settings for the outstation listener, CA-chain variant.
// certificate_mode is not assigned here, so the value set by
// dnp3_tls_server_config_init() is used; the Rust form of this example
// passes AuthorityBased and a TLS 1.2 minimum explicitly.
dnp3_tls_server_config_t tls_config = dnp3_tls_server_config_init(
    "test.com",                         // name expected in the peer's certificate
    "./certs/ca_chain/ca_cert.pem",     // CA certificate the peer is validated against
    "./certs/ca_chain/entity2_cert.pem", // this outstation's own certificate
    "./certs/ca_chain/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
err = dnp3_tcpserver_new_tls(runtime, DNP3_LINK_ERROR_MODE_CLOSE, "127.0.0.1:20001", tls_config, &server);
// check error: do not use `server` unless err is DNP3_PARAM_ERROR_OK
// TLS settings for the outstation listener, CA-chain variant.
// certificateMode is left untouched, so the constructor's default applies;
// the Rust form of this example passes AuthorityBased and a TLS 1.2 minimum explicitly.
TlsServerConfig tlsConfig = new TlsServerConfig(
    "test.com",                          // name expected in the peer's certificate
    "./certs/ca_chain/ca_cert.pem",      // CA certificate the peer is validated against
    "./certs/ca_chain/entity2_cert.pem", // this outstation's own certificate
    "./certs/ca_chain/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
TcpServer server =
    TcpServer.createTlsServer(runtime, LinkErrorMode.CLOSE, "127.0.0.1:20001", tlsConfig);
// TLS settings for the outstation listener, CA-chain variant.
// CertificateMode is left untouched, so the constructor's default applies;
// the Rust form of this example passes AuthorityBased and a TLS 1.2 minimum explicitly.
var tlsConfig = new TlsServerConfig(
    "test.com",                          // name expected in the peer's certificate
    "./certs/ca_chain/ca_cert.pem",      // CA certificate the peer is validated against
    "./certs/ca_chain/entity2_cert.pem", // this outstation's own certificate
    "./certs/ca_chain/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
var server = TcpServer.CreateTlsServer(runtime, LinkErrorMode.Close, "127.0.0.1:20001", tlsConfig);
Self-signed certificate configuration
- Rust
- C
- Java
- C#
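// TLS settings for the outstation listener, self-signed variant: instead of
// a CA, the first path is the peer's own certificate (entity1), which is
// trusted directly. Every peer certificate therefore has to be distributed
// out of band and replaced by hand when it is rotated.
// NOTE(review): the name argument presumably matters only for
// authority-based validation; confirm on the TLS general information page.
// `Path::new` already returns a `&Path`, so no extra borrow is needed.
let tls_config = TlsServerConfig::new(
    "test.com",
    Path::new("./certs/self_signed/entity1_cert.pem"), // the peer's self-signed certificate
    Path::new("./certs/self_signed/entity2_cert.pem"), // this outstation's own certificate
    Path::new("./certs/self_signed/entity2_key.pem"), // this outstation's private key
    None, // no password: the key file is unencrypted, so restrict its file permissions
    MinTlsVersion::V1_2, // handshakes below TLS 1.2 are rejected
    CertificateMode::SelfSigned,
)?;

// 127.0.0.1 is loopback only: fine for a local test, but a deployed
// outstation has to bind the interface its masters actually connect on.
let mut server =
    TcpServer::new_tls_server(LinkErrorMode::Close, "127.0.0.1:20001".parse()?, tls_config);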
dnp3_param_error_t err = DNP3_PARAM_ERROR_OK;
dnp3_tcp_server_t *server = NULL;

// TLS settings for the outstation listener, self-signed variant: the first
// path is the peer's own certificate (entity1), trusted directly rather than
// through a CA. Each peer certificate has to be distributed out of band and
// replaced by hand when it is rotated.
dnp3_tls_server_config_t tls_config = dnp3_tls_server_config_init(
    "test.com",
    "./certs/self_signed/entity1_cert.pem", // the peer's self-signed certificate
    "./certs/self_signed/entity2_cert.pem", // this outstation's own certificate
    "./certs/self_signed/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);
// The mode must be switched explicitly; without this line the config keeps
// the mode chosen by dnp3_tls_server_config_init().
tls_config.certificate_mode = DNP3_CERTIFICATE_MODE_SELF_SIGNED;

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
err = dnp3_tcpserver_new_tls(runtime, DNP3_LINK_ERROR_MODE_CLOSE, "127.0.0.1:20001", tls_config, &server);
// check error: do not use `server` unless err is DNP3_PARAM_ERROR_OK
// TLS settings for the outstation listener, self-signed variant: the first
// path is the peer's own certificate (entity1), trusted directly rather than
// through a CA. Each peer certificate has to be distributed out of band and
// replaced by hand when it is rotated.
TlsServerConfig tlsConfig = new TlsServerConfig(
    "test.com",
    "./certs/self_signed/entity1_cert.pem", // the peer's self-signed certificate
    "./certs/self_signed/entity2_cert.pem", // this outstation's own certificate
    "./certs/self_signed/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);
// The mode must be switched explicitly; without this line the config keeps
// the constructor's default mode.
tlsConfig.certificateMode = CertificateMode.SELF_SIGNED;

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
TcpServer server =
    TcpServer.createTlsServer(runtime, LinkErrorMode.CLOSE, "127.0.0.1:20001", tlsConfig);
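// TLS settings for the outstation listener, self-signed variant: the first
// path is the peer's own certificate (entity1), trusted directly rather than
// through a CA. Each peer certificate has to be distributed out of band and
// replaced by hand when it is rotated.
var selfSignedTlsConfig = new TlsServerConfig(
    "test.com",
    "./certs/self_signed/entity1_cert.pem", // the peer's self-signed certificate
    "./certs/self_signed/entity2_cert.pem", // this outstation's own certificate
    "./certs/self_signed/entity2_key.pem",  // this outstation's private key
    "" // no password: the key file is unencrypted, so restrict its file permissions
);
// The mode must be switched explicitly; without this line the config keeps
// the constructor's default mode.
selfSignedTlsConfig.CertificateMode = CertificateMode.SelfSigned;
var tlsConfig = selfSignedTlsConfig;

// 127.0.0.1 is loopback only; a deployed outstation binds the interface its masters use.
var server = TcpServer.CreateTlsServer(runtime, LinkErrorMode.Close, "127.0.0.1:20001", tlsConfig);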