All SecurityProtocols require that system clocks on communicating machines be reasonably synchronized in order to check the expiry times for Certificates or CRLs. In addition, incorrect Timestamps on Data and Events could create interoperability issues.

The Network Time Protocol (NTP) provides a standard way to synchronize a machine clock with a time server on the network. Systems running on a machine with a full-featured operating system like Windows or Linux will already support NTP or an equivalent. Devices running embedded operating systems should support NTP.

If a device operating system cannot practically support NTP then an OPC UA application can use the Timestamps in the ResponseHeader (see OPC 10000-4) to synchronize its clock. In this scenario, the OPC UA application will have to know the URL for a Discovery Server on a machine known to have the correct time. The OPC UA application or a separate background utility would call the FindServers Service and set its clock to the time specified in the ResponseHeader. This process will need to be repeated periodically because clocks can drift over time.

Applications should log possible time synchronization errors. For example, Certificates or CRLs with ValidFrom times in the future could indicate a time synchronization issue.
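The following Python sketch is an added example, not part of the specification. It shows one way to turn a ResponseHeader timestamp into a clock offset and to log a ValidFrom time that lies in the future only because the local clock is behind. The function names, the half-round-trip correction and the sample values are assumptions of this example; the FindServers call itself is left to the application's OPC UA stack.

```python
import logging
from datetime import datetime, timedelta, timezone

log = logging.getLogger("timesync")

# OPC UA DateTime counts 100-nanosecond intervals since 1601-01-01 UTC.
OPCUA_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_opcua_datetime(ticks: int) -> datetime:
    """Convert a raw OPC UA DateTime value to an aware UTC datetime."""
    return OPCUA_EPOCH + timedelta(microseconds=ticks // 10)


def clock_offset(sent: datetime, received: datetime,
                 server_ts: datetime) -> timedelta:
    """Estimate (server clock - local clock).

    sent/received are local clock readings taken around the FindServers
    call. Assumption of this example: the server stamped the response
    halfway through the round trip.
    """
    midpoint = sent + (received - sent) / 2
    return server_ts - midpoint


def diagnose_valid_from(valid_from: datetime, local_now: datetime,
                        offset: timedelta) -> str:
    """Classify a Certificate or CRL ValidFrom time and log suspected skew."""
    if valid_from <= local_now:
        return "ok"
    if valid_from <= local_now + offset:
        # Valid by the reference clock, so the local clock is the problem.
        log.warning("ValidFrom %s is in the future locally but not by the "
                    "reference clock (offset %s): time synchronization error",
                    valid_from.isoformat(), offset)
        return "local-clock-behind"
    log.warning("ValidFrom %s is in the future: possible time "
                "synchronization error", valid_from.isoformat())
    return "not-yet-valid"
```

A background task would repeat the offset measurement periodically, as the text requires, and pass the latest offset to the ValidFrom check.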