A GDS, that also provides certificate management, supports User Access security as described in Part 12. This includes restricting all certificate management functionality to users with SecurityAdmin Role or comparable access rights. Furthermore, the list of Clients that are allowed to access management functionality can be limited.

Certificate management includes a provisioning phase and run time phase. The provisioning phase is when the GDS is providing initial certificate(s) to Clients or Servers that are just entering the system. The runtime phase is the day to day operation of system and includes providing updated CRLs, certificate renewals and updated TrustLists.

The runtime phase of GDS certificate operations can be performed in a very secure manner, since all Servers and Clients already have certificates to ensure a secure connection. For the push model of certificate management, the GDS establishes a SecureChannel using the highest security level available in the target Server. It does not provide updated CRLs, Certificates or TrustLists via an endpoint that has a lower security level than the security level of the updates. For example, if a 4096 certificate is to be updated it cannot be updated using a 2048 channel, but a 2048 certificate can be updated using a 4096 channel. If a new higher-level certificate needs to be deployed, it is handled in the same manner as the provisioning of a new Server (see SecurityLevel in OPC 10000-4).