Certificate Management deals with management and distribution of certificates and trust lists for OPC UA applications. In the context of capabilities we differentiate two roles:
- CertificateManager - an OPC UA application that provides the certificate management functions - and
- CertificateReceiver - an OPC UA application that receives its certificates and trust lists from the CertificateManager.
A GDS typically supports certificate management functions.
There are two primary models for Certificate management: pull and push management. In pull management, the application acts as a Client and uses the CertificateManager Methods to request and update Certificates and Trust Lists. In push management the application acts as a Server and exposes Methods which the CertificateManager can call to update the Certificates and Trust Lists as required.
Note – the Certificate Management Information Model is specified in OPC UA Part 12