The GetRejectedList Method returns the list of Certificates that have been rejected by the Server when using the TrustList associated with the CertificateGroup. It can be used to track activity or allow administrators to move a rejected Certificate into the TrustList.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers should omit older entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
This Method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.
Signature
GetRejectedList(
[out] ByteString[] certificates
);
Argument |
Description |
certificates |
The DER encoded form of the Certificates rejected by the Server. |
Method Result Codes (defined in Call Service)
Result Code |
Description |
Bad_UserAccessDenied |
The current user does not have the rights required. |
Bad_SecurityModeInsufficient |
The SecureChannel is not encrypted. |
Table 21a specifies the AddressSpace representation for the GetRejectedList Method.
Table 21a – GetRejectedList Method AddressSpace Definition
Attribute |
Value |
||||
BrowseName |
GetRejectedList |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
HasProperty |
Variable |
OutputArguments |
Argument[] |
PropertyType |
Mandatory |