This ObjectType is the TypeDefinition for the root of the CertificateManager AddressSpace. It provides additional Methods for Certificate management which are shown in Table 30.

Table 30 – CertificateDirectoryType ObjectType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | CertificateDirectoryType |
| Namespace | GDS (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| Subtype of the DirectoryType defined in 6.3.3. | | | | | |
| Organizes | Object | CertificateGroups | | CertificateGroupFolderType | Mandatory |
| HasComponent | Method | StartSigningRequest | Defined in 7.6.3. | | Mandatory |
| HasComponent | Method | StartNewKeyPairRequest | Defined in 7.6.4. | | Mandatory |
| HasComponent | Method | FinishRequest | Defined in 7.6.5. | | Mandatory |
| HasComponent | Method | GetCertificateGroups | Defined in 7.6.6. | | Mandatory |
| HasComponent | Method | GetTrustList | Defined in 7.6.6. | | Mandatory |
| HasComponent | Method | GetCertificateStatus | Defined in 7.6.8. | | Mandatory |
| HasComponent | Method | RevokeCertificate | Defined in 7.6.8.1 | | Optional |

The CertificateGroups Object organizes the Certificate Groups supported by the CertificateManager. It is described in 7.5.17. CertificateManagers shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. CertificateManagers may support additional Certificate Groups depending on their requirements. For example, a CertificateManager with multiple Certificate Authorities would represent each as a CertificateGroupType Object organized by the CertificateGroups Folder. Clients could then request Certificates issued by a specific CA by passing the appropriate NodeId to the StartSigningRequest or StartNewKeyPairRequest Methods.

The StartSigningRequest Method is used to request a new Certificate that is signed by a CA managed by the CertificateManager. This Method is recommended when the caller already has a private key.

The StartNewKeyPairRequest Method is used to request a new Certificate that is signed by a CA managed by the CertificateManager along with a new private key. This Method is used only when the caller does not have a private key and cannot generate one.

The FinishRequest Method is used to check that a Certificate request has been approved by the CertificateManager Administrator. If successful, the Certificate and Private Key (if requested) are returned.

The GetCertificateGroups Method returns a list of NodeIds for CertificateGroupType Objects that can be used to request Certificates or Trust Lists for an Application.

The GetTrustList Method returns a NodeId of a TrustListType Object that can be used to read a Trust List for an Application.

The GetCertificateStatus Method checks whether the Application needs to update its Certificate.
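The request flow described above for StartSigningRequest, StartNewKeyPairRequest and FinishRequest, modelled as an added example that is not part of the specification. The mock class, Python method signatures, the `PendingApproval` exception, the NodeId strings and the placeholder key bytes are all assumptions made for illustration; the real Method arguments are defined in 7.6.3 to 7.6.5.

```python
import itertools
import secrets

class PendingApproval(Exception):
    """FinishRequest was called before the Administrator approved the request."""

class MockCertificateManager:
    """Constructed in-memory stand-in, not a real OPC UA server."""

    def __init__(self, groups):
        self.groups = groups      # CertificateGroup NodeId -> issuing CA (constructed)
        self.requests = {}        # request id -> request state
        self._ids = itertools.count(1)

    def _start(self, app_id, group_id, csr):
        if group_id not in self.groups:
            raise KeyError(f"unknown CertificateGroup {group_id}")
        request_id = f"req-{next(self._ids)}"
        self.requests[request_id] = {"app": app_id, "ca": self.groups[group_id],
                                     "csr": csr, "approved": False}
        return request_id

    def start_signing_request(self, app_id, group_id, csr):
        return self._start(app_id, group_id, csr)    # private key stays with caller

    def start_new_key_pair_request(self, app_id, group_id):
        return self._start(app_id, group_id, None)   # manager generates the key

    def approve(self, request_id):                   # Administrator's decision
        self.requests[request_id]["approved"] = True

    def finish_request(self, request_id):
        req = self.requests[request_id]
        if not req["approved"]:
            raise PendingApproval(request_id)
        # Placeholder bytes stand in for a generated private key.
        key = None if req["csr"] is not None else secrets.token_bytes(32)
        return {"certificate": f"{req['app']} signed by {req['ca']}", "private_key": key}

def enroll(gds, app_id, group_id, csr=None):
    """Use StartSigningRequest when the caller holds a key (has a CSR)."""
    if csr is not None:
        return gds.start_signing_request(app_id, group_id, csr)
    return gds.start_new_key_pair_request(app_id, group_id)

def demo():
    gds = MockCertificateManager({"ns=2;s=PlantCA": "Plant CA"})
    rid = enroll(gds, "urn:example:app", "ns=2;s=PlantCA", csr=b"constructed CSR bytes")
    gds.approve(rid)
    return gds.finish_request(rid)
```

In the signing-request path the result carries no private key, so key material only crosses the wire when the caller asked the CertificateManager to generate it.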