Type of issue

• Bug
• Interoperability
• Specification
• [x ] Deployment
• Enhancement

Project

• [] OPC Vault microservice
• [ x] OPC Vault sample application
• [x ] OPC Vault edge module

Steps to reproduce

I just followed the steps in howto-deploy-services.md

Current behavior

OPC Vault edge module application (docker and dotNet) will not start.
It gives the error 'Forbidden', same with the web-page List of Certificate Groups.
So it looks that my account is not admin on the site. How do I make him that?

Context and Environment

• Operating System: azure
• GitHub branch: Master

Code to reproduce the bug

Failed to load the certificate groups. Message:Operation returned an invalid status code 'Forbidden'

Type of issue

• Bug
• Interoperability
• Specification
• Deployment
• Enhancement

Project

• OPC Vault microservice
• OPC Vault sample application
• OPC Vault edge module

Description

Reported by Matrikon in IOP

The private key PEM file is provided in the old PKCS5 format which is not correct. It should be PKCS8. The spec. references an RFC which mandates the more up-to-date format. This is an issue as some crypto libraries do not support the old format.

https://github.com/kjur/jsrsasign/wiki/Tutorial-for-PKCS5-and-PKCS8-PEM-private-key-formats-differences

Steps to reproduce

1. Create public private key pair as PEM.
2. Dowload private key
3. [and so on...]

Expected behavior

PEM format is PKCS#8

Current behavior

PEM format is PKCS#5

Known workarounds

Edit PEM after download

Possible solution

Fix service

Is your feature request related to a problem? Please describe.
Its painful to manually enter the information like AppUri and domain names in the dialog.

Describe the solution you'd like
Use the self signed cert of an app to prefill the basic information in the form.

Describe alternatives you've considered
Support the .xml description of an application.

Additional context

Please ad a Rad.me to this page. Or at least a pointer that leads to an explanation of what the Application does and how to use.
Please also add information on how to configure the micro-service. It needs at least storage configured as per:

ekskog@eighteen:~$ sudo iotedge logs -f vault
Unhandled exception. Microsoft.Azure.IIoT.Exceptions.InvalidConfigurationException: Storage configuration is missing in your configuration for dataprotection to store all keys across all instances.

There is a known issue with ASP.Net 2.1 OpenID Connect and the latest Safari browser / iOS browser using webkit. The webpage hangs after login.

Workaround: Refresh web page

An error will be displayed, but then operation continues as expected.