An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6. Table 113 specifies the information that shall be contained in an ApplicationInstanceCertificate.
Table 113 – ApplicationInstanceCertificate

| Name | Type | Description |
|---|---|---|
| ApplicationInstanceCertificate | structure | ApplicationInstanceCertificate with signature created by a Certificate Authority. |
| version | String | An identifier for the version of the Certificate encoding. |
| serialNumber | ByteString | A unique identifier for the Certificate assigned by the Issuer. |
| signatureAlgorithm | String | The algorithm used to sign the Certificate. The syntax of this field depends on the Certificate encoding. |
| signature | ByteString | The signature created by the Issuer. |
| issuer | Structure | A name that identifies the Issuer Certificate used to create the signature. |
| validFrom | UtcTime | When the Certificate becomes valid. |
| validTo | UtcTime | When the Certificate expires. |
| subject | Structure | A name that identifies the application instance that the Certificate describes. This field shall contain the productName and the name of the organization responsible for the application instance. |
| applicationUri | String | The applicationUri specified in the ApplicationDescription. The ApplicationDescription is described in 7.1. |
| hostnames [] | String | The name of the machine where the application instance runs. A machine may have multiple names if it is accessible via multiple networks. The hostname may be a numeric network address or a descriptive name. Server Certificates shall have at least one hostname defined. |
| publicKey | ByteString | The public key associated with the Certificate. |
| keyUsage [] | String | Specifies how the Certificate key may be used. ApplicationInstanceCertificates shall support Digital Signature, Non-Repudiation Key Encryption, Data Encryption and Client/Server Authorization. The contents of this field depend on the Certificate encoding. |
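
The field requirements in Table 113 can be checked mechanically once a Certificate has been decoded. The following is an added example, not part of this specification: the `AppInstanceCert` container, the `check_certificate` function, the subject keys and the sample values are assumptions, and decoding, signature verification and keyUsage checks are left to the encoding layer defined in OPC 10000-6.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class AppInstanceCert:
    """Decoded Table 113 fields (hypothetical container, not an OPC UA API)."""
    serial_number: bytes
    subject: dict        # assumed keys: "productName", "organization"
    application_uri: str
    hostnames: list
    valid_from: datetime
    valid_to: datetime
    public_key: bytes

def check_certificate(cert, expected_application_uri, is_server, now=None):
    """Return a list of findings; an empty list means the checked fields conform."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if not cert.serial_number:
        findings.append("serialNumber is empty")
    # subject shall carry the productName and the responsible organization
    for key in ("productName", "organization"):
        if not cert.subject.get(key):
            findings.append(f"subject lacks {key}")
    # applicationUri is the one given in the ApplicationDescription
    if cert.application_uri != expected_application_uri:
        findings.append("applicationUri does not match ApplicationDescription")
    # Server Certificates shall have at least one hostname
    if is_server and not any(h.strip() for h in cert.hostnames):
        findings.append("Server Certificate has no hostname")
    if cert.valid_from > cert.valid_to:
        findings.append("validFrom is later than validTo")
    elif now < cert.valid_from:
        findings.append("Certificate is not yet valid")
    elif now > cert.valid_to:
        findings.append("Certificate has expired")
    if not cert.public_key:
        findings.append("publicKey is empty")
    return findings

# Constructed sample values, for illustration only
CHECK_TIME = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = AppInstanceCert(
    serial_number=b"\x01\x02",
    subject={"productName": "ExampleServer", "organization": "Example Org"},
    application_uri="urn:example-host:ExampleOrg:ExampleServer",
    hostnames=["example-host", "192.0.2.10"],
    valid_from=datetime(2025, 1, 1, tzinfo=timezone.utc),
    valid_to=datetime(2026, 1, 1, tzinfo=timezone.utc),
    public_key=b"\x00" * 32,
)
```

The hostname requirement is applied only when `is_server` is true, because Table 113 states it for Server Certificates.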