The AddCertificate Method allows a Client to add a single Certificate to the Trust List. The Server shall verify that the Certificate is valid according to the rules defined in OPC 10000-4. If an invalid Certificate is found, the Server shall return an error and shall not update the Trust List.

If the Certificate is issued by a CA then the Client shall provide the entire chain in the certificate argument (see OPC 10000-6). After validating the Certificate, the Server shall add the CA Certificates to the Issuers list in the Trust List. The leaf Certificate is added to the list specified by the isTrustedCertificate argument.

This method cannot be called if the file object is open.

AddCertificate(
    [in] ByteString certificate
    [in] Boolean isTrustedCertificate
);

| Argument | Description |
|---|---|
| Certificate | The DER encoded Certificate to add. |
| isTrustedCertificate | If TRUE the Certificate is added to the Trusted Certificates List. If FALSE the Certificate is added to the Issuer Certificates List. |

Method Result Codes (defined in Call Service)

| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The certificate to add is invalid. |
| Bad_InvalidState | The object is opened. |
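The following sketch is an added example, not part of the specification or of any OPC UA stack. It models the order of checks described above: reject the call while the file object is open, split the chain, validate every Certificate before touching either list, then file the leaf and the CA Certificates. It assumes the chain is serialised as concatenated DER Certificates with the leaf first (the layout referenced via OPC 10000-6); `TrustListModel`, `split_der_chain` and the `validate` hook (standing in for the OPC 10000-4 checks) are hypothetical names, and access control (Bad_UserAccessDenied) is left out.

```python
# Added example: models the AddCertificate rules; not a real OPC UA stack.
# Constructed placeholders: DER SEQUENCE framing only, not real certificates.
LEAF = bytes([0x30, 0x03]) + b"EE1"
CA = bytes([0x30, 0x81, 0x80]) + b"C" * 128   # long-form length (128 bytes)

def split_der_chain(blob):
    """Split concatenated DER certificates (assumed layout: leaf first, then CAs)."""
    certs, pos = [], 0
    while pos < len(blob):
        if blob[pos] != 0x30 or pos + 2 > len(blob):   # each cert is a SEQUENCE
            raise ValueError("not a DER SEQUENCE")
        first = blob[pos + 1]
        if first < 0x80:                               # short-form length
            hdr, length = 2, first
        else:                                          # long form: n length bytes follow
            n = first & 0x7F
            if n == 0 or n > 4 or pos + 2 + n > len(blob):
                raise ValueError("unsupported or truncated DER length")
            hdr, length = 2 + n, int.from_bytes(blob[pos + 2:pos + 2 + n], "big")
        end = pos + hdr + length
        if length == 0 or end > len(blob):
            raise ValueError("truncated certificate")
        certs.append(blob[pos:end])
        pos = end
    if not certs:
        raise ValueError("empty ByteString")
    return certs

class TrustListModel:
    def __init__(self, validate):
        self.trusted, self.issuers = [], []
        self.file_open = False      # True while the TrustList file object is open
        self.validate = validate    # hypothetical hook for the OPC 10000-4 checks

    def add_certificate(self, certificate, is_trusted_certificate):
        if self.file_open:
            return "Bad_InvalidState"
        try:
            chain = split_der_chain(certificate)
        except ValueError:
            return "Bad_CertificateInvalid"
        if not all(self.validate(der) for der in chain):
            return "Bad_CertificateInvalid"   # lists untouched: validate before update
        target = self.trusted if is_trusted_certificate else self.issuers
        for dest, der in [(target, chain[0])] + [(self.issuers, c) for c in chain[1:]]:
            if der not in dest:
                dest.append(der)
        return "Good"
```

Because both framing and validation complete before either list is modified, a chain with one bad element leaves the Trust List exactly as it was.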

Table 16 specifies the AddressSpace representation for the AddCertificate Method.

Table 16 – AddCertificate Method AddressSpace Definition

| Attribute | Value |
|---|---|
| BrowseName | AddCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| HasProperty | Variable | InputArguments | Argument[] | PropertyType | Mandatory |