OPC UAapplications use Certificatesto store the Public Keysneeded for Asymmetric Cryptography operations. All SecurityProtocolsuse X.509 v3 Certificates(see X.509 v3) encoded using the DER format (see X690). Certificatesused by OPC UA applications shall also conform to RFC 3280which defines a profile for X.509 v3 Certificateswhen they are used as part of an Internet based application.

The ServerCertificateand ClientCertificateparameters used in the abstract OpenSecureChannelservice are instances of the Application Instance Certificate Data Type. 6.2.2describes how to create an X.509 v3 Certificatethat can be used as an Application Instance Certificate.