OPC UA applications use Certificates to store the Public Keys needed for Asymmetric Cryptography operations. All SecurityProtocols use X.509 v3 Certificates (see X.509 v3) encoded using the DER format (see X690). Certificates used by OPC UA applications shall also conform to RFC 3280 which defines a profile for X.509 v3 Certificates when they are used as part of an Internet based application.
The ServerCertificate and ClientCertificate parameters used in the abstract OpenSecureChannel service are instances of the Application Instance Certificate Data Type. 6.2.2 describes how to create an X.509 v3 Certificate that can be used as an Application Instance Certificate.
An Application Instance Certificate is a ByteString containing the DER encoded form (see X690) of an X.509 v3 Certificate. This Certificate is issued by certifying authority and identifies an instance of an application running on a single host. The X.509 v3 fields contained in an Application Instance Certificate are described in Table 36. The fields are defined completely in RFC 3280.
Table 36 also provides a mapping from the RFC 3280 terms to the terms used in the abstract definition of an Application Instance Certificate defined in OPC 10000-4.
Table 36 – Application Instance Certificate
|
Name |
OPC 10000-4 Parameter Name |
Description |
|
Application Instance Certificate |
|
An X.509 v3 Certificate. |
|
version |
version |
shall be “V3” |
|
serialNumber |
serialNumber |
The serial number assigned by the issuer. |
|
signatureAlgorithm |
signatureAlgorithm |
The algorithm used to sign the Certificate. |
|
signature |
signature |
The signature created by the Issuer. |
|
issuer |
issuer |
The distinguished name of the Certificate used to create the signature. |
|
validity |
validTo, validFrom |
When the Certificate becomes valid and when it expires. |
|
subject |
subject |
The distinguished name of the application Instance. The Common Name attribute shall be specified and should be the productName or a suitable equivalent. The Organization Name attribute shall be the name of the Organization that executes the application instance. This organization is usually not the vendor of the application. Other attributes may be specified. |
|
subjectAltName |
applicationUri, hostnames |
The alternate names for the application Instance. Shall include a uniformResourceIdentifier which is equal to the applicationUri. The URI shall be a valid URL (see RFC 1738) or a valid URN (see RFC 2141). Servers shall specify a partial or a fully qualified dNSName or a static IPAddress which identifies the machine where the application Instance runs. Additional dNSNames may be specified if the machine has multiple names. The subjectAltName field is completely described in RFC 3280. |
|
publicKey |
publicKey |
The public key associated with the Certificate. |
|
keyUsage |
keyUsage |
Specifies how the Certificate key may be used. Shall include digitalSignature, nonRepudiation, keyEncipherment and dataEncipherment. Other key uses are allowed. |
|
extendedKeyUsage |
keyUsage |
Specifies additional key uses for the Certificate. Shall specify 'serverAuth and/or clientAuth. Other key uses are allowed. |
|
authorityKeyIdentifier |
(no mapping) |
Provides more information about the key used to sign the Certificate. It shall be specified for Certificates signed by a CA. It should be specified for self-signed Certificates. |
Any X.509 v3 Certificate may be signed by CA which means that validating the signature requires access to the X.509 v3 Certificate belonging to the signing CA. Whenever an application validates a signature it must recursively build a chain of Certificates by finding the issuer Certificate, validating the Certificate and then repeat the process for the issuer Certificate. The chain ends with a self-signed Certificate.
The number of CAs used in a system should be small so it is common to install the necessary CAs on each machine with an OPC UA application. However, applications have the option of including a partial or complete chain whenever they pass a Certificate to a peer during the SecureChannel negotiation and during the CreateSession/ActivateSession handshake. All OPC UA applications shall accept partial or complete chains in any field that contains a DER encoded Certificate.
Chains are stored in a ByteString by simply appending the DER encoded form of the Certificates. The first Certificate shall be the end Certificate followed by its issuer. If the root CA is sent as part of the chain it is last Certificate appended to the ByteString.
Chains are parsed by extracting the length of each Certificate from the DER encoding. For Certificates with lengths less than 65 535 bytes it is a MSB encoded UInt16 starting at the 3rd byte.