As described in OPC UA Certificate Stores, directory certificate stores reside in a file system. In many cases, their structure can remain an opaque implementation detail to you. Knowing the structure comes handy if you need to deal with them externally or manually.
There are no files at the "root" of the directory certificate store, only sub-directories, and they are:
If the certificate store contains a certificate with a private key, it will therefore be present in both "certs" and "private" subdirectories, each time in a different format.
The file name of each certificate comprises of the certificate common name (from its subject), followed by a space, and the certificate thumbprint in square brackets, e.g. "My Application [71511464F08D30AF9F9B2BC21CDB78D49BE568B8]". Special characters (like < > : " / \ | ? *) that cannot appear in file names are stripped off from the common name.
In its simplest form, the directory certificate store path is an absolute path to the directory that holds the store, e.g. "C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault". Since absolute paths are not flexible enough and may fail to work when the application is transferred to a computer with different configuration, QuickOPC allows you to include replaceable tokens in the directory certificate store path. A token is enclosed in percentage sign characters, e.g. %CommonApplicationData%. For the token to be recognized, the directory certificate store path must begin directly with the token (the percent sign). Tokens are not recognized further down in the string.
The following two types of tokens can be used. QuickOPC searches for them from top to bottom.
If the token name is not recognized, the token is replaced by an empty string (i.e. the token is removed).
The default certificate store paths have very different defaults in .NET Framework and .NET 6+.
In .NET Framework, the default certificate stores paths are "shared"; that is, by default, all applications developed with QuickOPC share the same certificate stores, which are system-wide.
In .NET 6+, the default certificate stores paths are all in directories that are located under the current working directory of the application.
When you target .NET Framework with QuickOPC, the default directory certificate store paths all start with the %CommonApplicationData% token, which on Windows typically resolves to something like "C:\ProgramData" (this is independent of whether your development target is .NET Framework or .NET 6+). Note: On Linux, the %CommonApplicationData% token typically resolves to "/usr/share", but that would only be of interest in .NET 6+ (see below), if you change the default store paths values.
Example: The default application certificate store path is specified as "%CommonApplicationData%\OPC Foundation\CertificateStores\MachineDefault", and on Windows, it may resolve to "C:\ProgramData\OPC Foundation\CertificateStores\MachineDefault" (note that the "C:\ProgramData" folder is hidden).
When you target .NET 6+ with QuickOPC, the default directory certificate store paths all start with the %LocalFolder% token, which on resolves to the current working directory of the application.
Example: The default application certificate store path is specified as "LocalFolder/OPC Foundation/CertificateStores/MachineDefault". You will therefore have an "OPC Foundation" sub-directory in your current working directory, and a structure of the certificate stores below it.
For illustration, "minimal" directory certificate stores containing certificates for a single OPC UA application will typically look like this:
OPC Foundation
CertificateStores
MachineDefault
certs
<name and thumbprint>.der
private
<name and thumbprint>.pfx
UA Applications
certs
<name and thumbprint>.der