UA Part 12: Discovery and Global Services - 7.7.6 CreateSigningRequest

CreateSigningRequest Method asks the Server to create a PKCS #10 DER encoded Certificate Request that is signed with the Server’s private key. This request can be then used to request a Certificate from a CA that expects requests in this format.

This Method requires an encrypted channel and that the Client provide credentials with administrative rights on the Server.

Signature

CreateSigningRequest(

[in]NodeId certificateGroupId,

[in]NodeId certificateTypeId,

[in]String subjectName,

[in]Boolean regeneratePrivateKey,

[in]ByteString nonce,

[out]ByteString certificateRequest

);

Argument	Description
certificateGroupId	The NodeId of the Certificate Group Object which is affected by the request. If null the DefaultApplicationGroup is used.
certificateTypeId	The type of Certificate being requested. The set of permitted types is specified by the CertificateTypes Property belonging to the Certificate Group.
subjectName	The subject name to use in the Certificate Request. If not specified the SubjectName from the current Certificate is used. The format of the subjectName is defined in 7.6.4.
regeneratePrivateKey	If TRUE the Server shall create a new Private Key which it stores until the matching signed Certificate is uploaded with the UpdateCertificate Method. Previously created Private Keys may be discarded if UpdateCertificate was not called before calling this method again. If FALSE the Server uses its existing Private Key.
nonce	Additional entropy which the caller shall provide if regeneratePrivateKey is TRUE. It shall be at least 32 bytes long.
certificateRequest	The PKCS #10 DER encoded Certificate Request.

Method Result Codes (defined in Call Service)

Result Code	Description
Bad_InvalidArgument	The certificateTypeId, certificateGroupId or subjectName is not valid.
Bad_UserAccessDenied	The current user does not have the rights required.

Table 43 – CreateSigningRequest Method AddressSpace Definition