This ObjectType is the TypeDefinition for the root of the CertificateManager AddressSpace. It provides additional Methods for Certificate management which are shown in Table 30.
Table 30 – CertificateDirectoryType ObjectType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
CertificateDirectoryType |
|||||
|
Namespace |
GDS (see 3.3) |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
|
Subtype of the DirectoryType defined in 6.3.3. |
||||||
|
|
|
|
|
|
|
|
|
Organizes |
Object |
CertificateGroups |
|
CertificateGroup FolderType |
Mandatory |
|
|
HasComponent |
Method |
StartSigningRequest |
Defined in 7.6.3. |
Mandatory |
||
|
HasComponent |
Method |
StartNewKeyPairRequest |
Defined in 7.6.4. |
Mandatory |
||
|
HasComponent |
Method |
FinishRequest |
Defined in 7.6.5. |
Mandatory |
||
|
HasComponent |
Method |
GetCertificateGroups |
Defined in 7.6.6. |
Mandatory |
||
|
HasComponent |
Method |
GetTrustList |
Defined in 7.6.6. |
Mandatory |
||
|
HasComponent |
Method |
GetCertificateStatus |
Defined in 7.6.8. |
Mandatory |
||
|
HasComponent |
Method |
RevokeCertificate |
Defined in 7.6.8.1 |
Optional |
||
The CertificateGroups Object organizes the Certificate Groups supported by the CertificateManager. It is described in 7.5.17. CertificateManagers shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. CertificateManagers may support additional Certificate Groups depending on their requirements. For example, a CertificateManager with multiple Certificate Authorities would represent each as a CertificateGroupType Object organized by CertificateGroups Folder. Clients could then request Certificates issued by a specific CA by passing the appropriate NodeId to the StartSigningRequest or StartNewKeyPairRequest Methods.
The StartSigningRequest Method is used to request a new a Certificate that is signed by a CA managed by the CertificateManager. This Method is recommended when the caller already has a private key.
The StartNewKeyPairRequest Method is used to request a new Certificate that is signed by a CA managed by the CertificateManager along with a new private key. This Method is used only when the caller does not have a private key and cannot generate one.
The FinishRequest Method is used to check that a Certificate request has been approved by the CertificateManager Administrator. If successful the Certificate and Private Key (if requested) are returned.
The GetCertificateGroups Method returns a list of NodeIds for CertificateGroupType Objects that can be used to request Certificates or Trust Lists for an Application.
The GetTrustList Method returns a NodeId of a TrustListType Object that can be used to read a Trust List for an Application.
The GetCertificateStatus Method checks whether the Application needs to update its Certificate.