Skip to content

Commit 0a68c9a

Browse files
ShannonLeavittShannonLeavitt
authored
Merge pull request #290400 from dominicbetts/release-aio-ga-opcua-cli
AIO [GA]: Scrub CLI in OPC UA docs
2 parents a9433b3 + 91caaf4 commit 0a68c9a

File tree

1 file changed

+16
-16
lines changed

1 file changed

+16
-16
lines changed

articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -47,14 +47,14 @@ To connect to an asset, first you need to establish the application authenticati
4747

4848
```azurecli
4949
# Append my-server.der OPC UA server certificate to the trusted certificate list secret as a new entry
50-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server.der"
50+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server.der"
5151
```
5252
5353
For a PEM encoded certificate in a file such as *./my-server.crt*, run the following command:
5454
5555
```azurecli
5656
# Append my-server.crt OPC UA server certificate to the trusted certificate list secret as a new entry
57-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server.crt"
57+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server.crt"
5858
```
5959
6060
If your OPC UA server uses a certificate issued by a certificate authority (CA), you can trust the CA by adding its public key certificate to the connector for OPC UA trusted certificates list. The connector for OPC UA now automatically trusts all the servers that use a valid certificate issued by the CA. Therefore, you don't need to explicitly add the OPC UA server's certificate to the connector for OPC UA trusted certificates list.
@@ -71,7 +71,7 @@ To trust a CA, complete the following steps:
7171
7272
```bash
7373
# Append CA certificate to the trusted certificate list secret as a new entry
74-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.der"
74+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.der"
7575
7676
# Append the CRL to the trusted certificate list secret as a new entry
7777
data=$(kubectl create secret generic temp --from-file= my-server-ca.crl=./ my-server-ca.crl --dry-run=client -o jsonpath='{.data}')
@@ -82,7 +82,7 @@ To trust a CA, complete the following steps:
8282
8383
```bash
8484
# Append CA certificate to the trusted certificate list secret as a new entry
85-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.crt"
85+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.crt"
8686
8787
# Append the CRL to the trusted certificates list secret as a new entry
8888
data=$(kubectl create secret generic temp --from-file=my-server-ca.crl=./my-server-ca.crl --dry-run=client -o jsonpath='{.data}')
@@ -95,7 +95,7 @@ To trust a CA, complete the following steps:
9595
9696
```powershell
9797
# Append CA certificate to the trusted certificate list secret as a new entry
98-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.der"
98+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.der"
9999
100100
# Append the CRL to the trusted certificate list secret as a new entry
101101
$data = kubectl create secret generic temp --from-file=my-server-ca.crl=./my-server-ca.crl --dry-run=client -o jsonpath='{.data}'
@@ -106,7 +106,7 @@ To trust a CA, complete the following steps:
106106
107107
```powershell
108108
# Append CA certificate to the trusted certificate list secret as a new entry
109-
az iot ops connector opcua trust add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.crt"
109+
az iot ops connector opcua trust add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.crt"
110110
111111
# Append the CRL to the trusted certificate list secret as a new entry
112112
$data = kubectl create secret generic temp --from-file=my-server-ca.crl=./my-server-ca.crl --dry-run=client -o jsonpath='{.data}'
@@ -127,20 +127,20 @@ If your OPC UA server uses a certificate issued by a CA, but you don't want to t
127127
128128
```azurecli
129129
# Append CA certificate to the issuer list secret as a new entry
130-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.der"
130+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.der"
131131
132132
# Append the CRL to the issuer list secret as a new entry
133-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.crl"
133+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.crl"
134134
```
135135
136136
For a PEM encoded certificate in a file such as *./my-server-ca.crt*, run the following commands:
137137
138138
```azurecli
139139
# Append CA certificate to the issuer list secret as a new entry
140-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.crt"
140+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.crt"
141141
142142
# Append the CRL to the issuer list secret as a new entry
143-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./my-server-ca.crl"
143+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./my-server-ca.crl"
144144
```
145145
146146
## Configure your OPC UA server
@@ -197,8 +197,8 @@ Like the previous examples, you use a dedicated Kubernetes secret to store the c
197197
# Upload OPC UA public key certificate as an entry to the secret
198198
# Upload OPC UA private key certificate as an entry to the secret
199199
az iot ops connector opcua client add \
200-
--instance $INSTANCE_NAME \
201-
-g $RESOURCE_GROUP \
200+
--instance <your instance name> \
201+
-g <your resource group> \
202202
--public-key-file "./opcuabroker-certificate.der" \
203203
--private-key-file "./opcuabroker-certificate.pem" \
204204
--subject-name <subject name from the public key cert> \
@@ -212,8 +212,8 @@ Like the previous examples, you use a dedicated Kubernetes secret to store the c
212212
# Upload OPC UA public key certificate as an entry to the secret
213213
# Upload OPC UA private key certificate as an entry to the secret
214214
az iot ops connector opcua client add `
215-
--instance $INSTANCE_NAME `
216-
-g $RESOURCE_GROUP `
215+
--instance <your instance name> `
216+
-g <your resource group> `
217217
--public-key-file "./opcuabroker-certificate.der" `
218218
--private-key-file "./opcuabroker-certificate.pem" `
219219
--subject-name <subject name from the public key cert> `
@@ -226,10 +226,10 @@ Like the previous examples, you use a dedicated Kubernetes secret to store the c
226226
227227
```azurecli
228228
# Append CA certificate to the issuer list secret as a new entry
229-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./enterprise-grade-ca-1.der"
229+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./enterprise-grade-ca-1.der"
230230
231231
# Append the CRL to the issuer list secret as a new entry
232-
az iot ops connector opcua issuer add --instance $INSTANCE_NAME --resource-group $RESOURCE_GROUP --certificate-file "./enterprise-grade-ca-1.crl"
232+
az iot ops connector opcua issuer add --instance <your instance name> --resource-group <your resource group> --certificate-file "./enterprise-grade-ca-1.crl"
233233
```
234234
235235
Now that the connector for OPC UA uses the enterprise certificate, don't forget to add the new certificate's public key to the trusted certificate lists of all OPC UA servers it needs to connect to.

0 commit comments

Comments
 (0)