Certificate Management

From UaCapabilities
This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search

Introduction

Certificate Management deals with management and distribution of certificates and trust lists for OPC UA applications. In the context of capabilities we differentiate two roles:

  • CertificateManager - an OPC UA application that provides the certificate management functions - and
  • CertificateReceiver - an OPC UA application that receives its certificates and trust lists from the CertificateManager.

A GDS typically supports certificate management functions.
There are two primary models for Certificate management: pull and push management. In pull management, the application acts as a Client and uses the CertificateManager Methods to request and update Certificates and Trust Lists. In push management the application acts as a Server and exposes Methods which the CertificateManager can call to update the Certificates and Trust Lists as required.
Note – the Certificate Management Information Model is specified in OPC UA Part 12

Certificate Management Capabilities

Certificate Manager

URN:          https://opcfoundation.org/wiki/index.php/Certificate_Management#Certificate_Manager

Discovery ID: GDS


Description
An application that manages certificates and trust lists for OPC UA Applications.

Usage Considerations

  • Provides centralized management and automated renewal or update of certificates and trust lists. Supports 1st time set up
  • Renews expired or compromised certificates
  • Updates Trust Lists
  • Supports revocation

Conformance Testing

Client Server

--

Certificate Receiver

URN:          https://opcfoundation.org/wiki/index.php/Certificate_Management#Certificate_Receiver

Description
This capability identifies the support of Push or Pull Model in an OPC UA Client or an OPC UA Server.

Usage Considerations
The OPC UA Application is able to interact with a global certificate manager to renew or update certificates and trust lists.


Conformance Testing

Client Server

CertificateReceiver role for Clients

CertificateReceiver role for Servers