An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6. Table 113 specifies the information that shall be contained in an ApplicationInstanceCertificate.

Table 113 – ApplicationInstanceCertificate

| Name | Type | Description |
|---|---|---|
| ApplicationInstanceCertificate | structure | ApplicationInstanceCertificate with signature created by a Certificate Authority. |
| version | String | An identifier for the version of the Certificate encoding. |
| serialNumber | ByteString | A unique identifier for the Certificate assigned by the Issuer. |
| signatureAlgorithm | String | The algorithm used to sign the Certificate. The syntax of this field depends on the Certificate encoding. |
| signature | ByteString | The signature created by the Issuer. |
| issuer | Structure | A name that identifies the Issuer Certificate used to create the signature. |
| validFrom | UtcTime | When the Certificate becomes valid. |
| validTo | UtcTime | When the Certificate expires. |
| subject | Structure | A name that identifies the application instance that the Certificate describes. This field shall contain the productName and the name of the organization responsible for the application instance. |
| applicationUri | String | The applicationUri specified in the ApplicationDescription. The ApplicationDescription is described in 7.1. |
| hostnames [] | String | The name of the machine where the application instance runs. A machine may have multiple names if it is accessible via multiple networks. The hostname may be a numeric network address or a descriptive name. Server Certificates shall have at least one hostname defined. |
| publicKey | ByteString | The public key associated with the Certificate. |
| keyUsage [] | String | Specifies how the Certificate key may be used. ApplicationInstanceCertificates shall support Digital Signature, Non-Repudiation, Key Encryption, Data Encryption and Client/Server Authorization. The contents of this field depend on the Certificate encoding. |
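
The following added example (not part of the specification) shows how a receiving application could check the content rules of Table 113 on a Certificate that has already been decoded and whose signature has already been verified. The `DecodedCert` type, the key usage labels, the subject attribute keys and the comparison of the endpoint host against `hostnames` are assumptions made for illustration; the actual field syntax depends on the Certificate encoding.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Labels follow Table 113's wording; real values depend on the Certificate
# encoding (assumption made for this example).
REQUIRED_KEY_USAGE = {"Digital Signature", "Non-Repudiation", "Key Encryption",
                      "Data Encryption", "Client/Server Authorization"}

@dataclass
class DecodedCert:
    """Hypothetical, already-decoded subset of the Table 113 fields."""
    subject: dict
    application_uri: str
    hostnames: list
    valid_from: datetime
    valid_to: datetime
    key_usage: list

def check_certificate(cert, description_uri, endpoint_host, now, is_server=True):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not cert.valid_from <= now <= cert.valid_to:
        findings.append("outside validFrom/validTo")
    # applicationUri must be the one given in the ApplicationDescription.
    if cert.application_uri != description_uri:
        findings.append("applicationUri mismatch")
    if is_server:
        names = {h.lower() for h in cert.hostnames}
        if not names:
            findings.append("server certificate without hostname")
        elif endpoint_host.lower() not in names:  # assumed consumer-side check
            findings.append("endpoint host not in hostnames")
    missing = REQUIRED_KEY_USAGE - set(cert.key_usage)
    if missing:
        findings.append("missing keyUsage: " + ", ".join(sorted(missing)))
    for attr in ("productName", "organization"):
        if not cert.subject.get(attr):
            findings.append("subject lacks " + attr)
    return findings

# Constructed sample values, not taken from any real deployment.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = DecodedCert(
    subject={"productName": "ExampleServer", "organization": "Example Corp"},
    application_uri="urn:example:server1",
    hostnames=["plc-gw.example.test", "192.0.2.10"],
    valid_from=datetime(2024, 1, 1, tzinfo=timezone.utc),
    valid_to=datetime(2025, 1, 1, tzinfo=timezone.utc),
    key_usage=sorted(REQUIRED_KEY_USAGE),
)
```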