Telegraf opcua plugin: how to set certificate path on Windows?

Hello,
I am trying to find out how to write the path to cert.pem and the path to private key.pem inside the conf file.
I am running Telegraf on Windows and I can read tags from my OPC server with security mode “None”. When I select (security_policy = “Basic128Rsa15” and security_mode = “SignAndEncrypt”), I cannot read anything.
My server manual says that when a client tries to read, a certificate will be created inside the “rejected” folder, which has to be moved into the “certs” folder.

Regards
Paskalare

Hi,

Sounds like you are trying to configure these two values:

  ## Path to cert.pem. Required when security mode or policy isn't "None".
  ## If cert path is not supplied, self-signed cert and key will be generated.
  # certificate = "/etc/telegraf/cert.pem"
  #
  ## Path to private key.pem. Required when security mode or policy isn't "None".
  ## If key path is not supplied, self-signed cert and key will be generated.
  # private_key = "/etc/telegraf/key.pem"

If you have set these, can you share what error Telegraf is printing out?

Hi @paskalare,
So it sounds like you might be using an OPC UA server similar to UA Expert. Essentially what they deploy is a trust store. Normally this is located within your OPC UA installation. When our Telegraf OPC UA client connects, the certificate provided is sent by default to the untrusted folder of your OPC UA server. In most cases, you just cut and paste that certificate from rejected to trusted.

Note, as @jpowers points out, it's highly recommended to use your own generated certificates when using Telegraf. If you leave Telegraf to generate its own, it will do so each time Telegraf is shut down and restarted. This means you would constantly be shifting certificates to the truststore.

Hi,
Thanks for your answers.
If it runs on Linux, the syntax “/etc/telegraf/cert.pem” is OK, but what if it runs on Windows?
That is my case; I don’t know the correct syntax for the .conf file to read a Windows path.

Hi @paskalare,
Can you try the following:

  ## Path to cert.pem. Required when security mode or policy isn't "None".
  ## If cert path is not supplied, self-signed cert and key will be generated.
  # certificate = "C:/path/to/cert/cert.pem"
  #
  ## Path to private key.pem. Required when security mode or policy isn't "None".
  ## If key path is not supplied, self-signed cert and key will be generated.
  # private_key = "C:/path/to/key/key.pem"
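An added example, not part of the original thread: Telegraf's configuration file is TOML, and this sketch shows why the forward-slash form above works while backslash paths in double quotes either fail to parse or silently turn into a different path. It assumes Python's `tomllib` as a stand-in for Telegraf's own TOML parser, and the paths are constructed sample values.

```python
# Added example: how TOML string rules treat Windows paths in telegraf.conf.
# Assumption: Python's tomllib (3.11+) stands in for Telegraf's TOML parser.
try:
    import tomllib
except ImportError:  # older Python with the tomli backport installed
    import tomli as tomllib

# Constructed sample lines for the opcua plugin's `certificate` setting.
CANDIDATES = {
    "forward slashes": r'certificate = "C:/telegraf/tls/telegraf-cert.pem"',
    "literal string": r"certificate = 'C:\telegraf\tls\telegraf-cert.pem'",
    "doubled backslashes": r'certificate = "C:\\telegraf\\tls\\telegraf-cert.pem"',
    "single backslashes": r'certificate = "C:\telegraf\tls\telegraf-cert.pem"',
    "invalid escape": r'certificate = "C:\path\to\cert\cert.pem"',
}


def check(line):
    """Return (status, parsed_value) for one `certificate = ...` line."""
    try:
        value = tomllib.loads(line)["certificate"]
    except tomllib.TOMLDecodeError:
        # e.g. \p is not a TOML escape, so the whole file is rejected
        return "parse-error", None
    # \t, \n, \b, \f and \r are valid escapes: the file loads, but the
    # value now holds control characters and no longer names the file.
    if any(ord(ch) < 0x20 for ch in value):
        return "control-chars", value
    return "ok", value


def report():
    """Check every constructed candidate line."""
    return {name: check(line) for name, line in CANDIDATES.items()}


if __name__ == "__main__":
    for name, (status, value) in report().items():
        print(f"{name:20} {status:14} {value!r}")
```

The "control-chars" case is the one to watch for: the configuration loads without a TOML error, so the only symptom is a certificate file that cannot be found.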

Thanks Jay, it works!

No worries @paskalare, glad it works for you 🙂