In EST a web operation is used to enrol a client. The EST server authenticates and authorizes the EST client before allowing the operation to proceed. In OPC UA, a Method is used to request a Certificate. The CertificateManager also authenticates and authorizes the client before allowing the operation to proceed. Table 76 compares how EST servers verify the EST client with how a CertificateManager verifies a CertificateManager client.
Table 76 – Verifying that a Client is allowed to request Certificates
EST |
OPC UA |
TLS with a client certificate which is previously issued by the EST server. |
The CertificateManager client has a previously certificate previously issued by the GDS. |
TLS with a previously installed certificate which is trusted by the EST server. |
The CertificateManager client has a certificate which is trusted by the CertificateManager. |
Shared credentials distributed out of band which are used for certificate-less TLS. |
No equivalent. |
HTTPS username/password authentication. |
The CertificateManager client provides appropriate user credentials when it establishes the session. |