OPC UA uses a concept conveying Application Authenticationto allow applications that intend to communicate to identify each other. Each OPC UA Application Instancehas a Certificate(Application Instance Certificate) assigned that is exchanged during Secure Channelestablishment. The receiver of the Certificatechecks whether it trusts the Certificateand based on this check it accepts or rejects the request or response Messagefrom the sender. This trust check is accomplished using the concept of TrustLists. TrustListsare implemented as a CertificateStoredesignated by an administrator. An administrator determines if the Certificateis signed, validated and trustworthy before placing it in a TrustList. A TrustList also stores Certificate Authorities (CA). TrustListsthat include CAs, also include CertificateRevocation Lists (CRLs). OPC UA makes use of these industry standard concepts as defined by other organizations.

In OPC UA, HTTPS can be used to create Secure Channels, however, these channels do not provide Application Authentication. If Authenticationis required, it is based on user credentials (User Authentication see 4.9). More details on Application Authenticationcan be found in OPC 10000-4.