TLS Server
Creating a TLS server for outstation instances is exactly the same process as a TCP server,
except that an extra TlsServerConfig is required. For more details about TLS support and the configuration options,
check the TLS general information page.
Examples
Certificate chain configuration
- Rust
- C
- C++
- Java
- C#
let config = TlsServerConfig::full_pki(
Some("test.com".to_string()),
&Path::new("./certs/ca_chain/ca_cert.pem"),
&Path::new("./certs/ca_chain/entity2_cert.pem"),
&Path::new("./certs/ca_chain/entity2_key.pem"),
None, // no password
MinTlsVersion::V12,
)?;
let server = Server::new_tls_server(LinkErrorMode::Close, "127.0.0.1:20001".parse()?, config);
dnp3_tls_server_config_t config = dnp3_tls_server_config_init(
"test.com",
"./certs/ca_chain/ca_cert.pem",
"./certs/ca_chain/entity2_cert.pem",
"./certs/ca_chain/entity2_key.pem",
"" // no password
);
dnp3_outstation_server_t *server = NULL;
dnp3_param_error_t err = dnp3_outstation_server_create_tls_server(runtime, DNP3_LINK_ERROR_MODE_CLOSE, "127.0.0.1:20001", config, &server);
// check error
// defaults to CA mode
dnp3::TlsServerConfig config(
"test.com",
"./certs/ca_chain/ca_cert.pem",
"./certs/ca_chain/entity2_cert.pem",
"./certs/ca_chain/entity2_key.pem",
"" // no password
);
dnp3::OutstationServer server = dnp3::OutstationServer::create_tls_server(runtime, LinkErrorMode::close, "127.0.0.1:20001", config);
TlsServerConfig config =
new TlsServerConfig(
"test.com",
"./certs/ca_chain/ca_cert.pem",
"./certs/ca_chain/entity2_cert.pem",
"./certs/ca_chain/entity2_key.pem",
"" // no password
);
OutstationServer server = OutstationServer.createTlsServer(runtime, LinkErrorMode.CLOSE, "127.0.0.1:20001", config);
var config = new TlsServerConfig(
"test.com",
"./certs/ca_chain/ca_cert.pem",
"./certs/ca_chain/entity2_cert.pem",
"./certs/ca_chain/entity2_key.pem",
"" // no password
);
var server = OutstationServer.CreateTlsServer(runtime, LinkErrorMode.Close, "127.0.0.1:20001", config);
Self-signed certificate configuration
- Rust
- C
- C++
- Java
- C#
let config = TlsServerConfig::self_signed(
&Path::new("./certs/self_signed/entity1_cert.pem"),
&Path::new("./certs/self_signed/entity2_cert.pem"),
&Path::new("./certs/self_signed/entity2_key.pem"),
None, // no password
MinTlsVersion::V12,
)?;
let server = Server::new_tls_server(LinkErrorMode::Close, "127.0.0.1:20001".parse()?, config);
dnp3_tls_server_config_t config = dnp3_tls_server_config_init(
"test.com",
"./certs/self_signed/entity1_cert.pem",
"./certs/self_signed/entity2_cert.pem",
"./certs/self_signed/entity2_key.pem",
"" // no password
);
config.certificate_mode = DNP3_CERTIFICATE_MODE_SELF_SIGNED;
dnp3_outstation_server_t *server = NULL;
dnp3_param_error_t err = dnp3_outstation_server_create_tls_server(runtime, DNP3_LINK_ERROR_MODE_CLOSE, "127.0.0.1:20001", config, &server);
// check error
dnp3::TlsServerConfig config(
"test.com",
"./certs/self_signed/entity1_cert.pem",
"./certs/self_signed/entity2_cert.pem",
"./certs/self_signed/entity2_key.pem",
"" // no password
);
config.certificate_mode = dnp3::CertificateMode::self_signed;
dnp3::OutstationServer server = dnp3::OutstationServer::create_tls_server(runtime, LinkErrorMode::close, "127.0.0.1:20001", config);
TlsServerConfig config =
new TlsServerConfig(
"test.com",
"./certs/self_signed/entity1_cert.pem",
"./certs/self_signed/entity2_cert.pem",
"./certs/self_signed/entity2_key.pem",
"" // no password
).withCertificateMode(CertificateMode.SELF_SIGNED);
OutstationServer server = OutstationServer.createTlsServer(runtime, LinkErrorMode.CLOSE, "127.0.0.1:20001", config);
var config = new TlsServerConfig(
"test.com",
"./certs/self_signed/entity1.pem",
"./certs/self_signed/entity2_cert.pem",
"./certs/self_signed/entity2_key.pem",
"" // no password
).WithCertificateMode(CertificateMode.SelfSigned);
var server = OutstationServer.CreateTlsServer(runtime, LinkErrorMode.Close, "127.0.0.1:20001", config);