Certificate Management deals with management and distribution of certificates and trust lists for OPC UA applications. In the context of capabilities we differentiate two roles:
- CertificateManager - an OPC UA application that provides the certificate management functions - and
- CertificateReceiver - an OPC UA application that receives its certificates and trust lists from the CertificateManager.
A GDS typically supports certificate management functions.
There are two primary models for Certificate management: pull and push management. In pull management, the application acts as a Client and uses the CertificateManager Methods to request and update Certificates and Trust Lists. In push management the application acts as a Server and exposes Methods which the CertificateManager can call to update the Certificates and Trust Lists as required.
Note – the Certificate Management Information Model is specified in OPC UA Part 12
Certificate Management Capabilities
An application that manages certificates and trust lists for OPC UA Applications.
- Provides centralized management and automated renewal or update of certificates and trust lists. Supports 1st time set up
- Renews expired or compromised certificates
- Updates Trust Lists
- Supports revocation
This capability identifies the support of Push or Pull Model in an OPC UA Client or an OPC UA Server.
The OPC UA Application is able to interact with a global certificate manager to renew or update certificates and trust lists.