This type defines an ObjectType which represents the configuration of a Server which supports PushManagement. Its values are defined in Table 64. There is always exactly one instance in the Server AddressSpace.

Table 64 – ServerConfigurationType Definition

| Attribute | Value |
|---|---|
| BrowseName | 0:ServerConfigurationType |
| IsAbstract | False |

Subtype of the BaseObjectType defined in OPC 10000-5.

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:ApplicationUri | 0:UriString | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ProductUri | 0:UriString | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ApplicationType | 0:ApplicationType | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ServerCapabilities | 0:String[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:SupportedPrivateKeyFormats | 0:String[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:MaxTrustListSize | 0:UInt32 | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:MulticastDnsEnabled | 0:Boolean | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:HasSecureElement | 0:Boolean | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:UpdateCertificate | | See 7.10.4. | Mandatory |
| 0:HasComponent | Method | 0:GetCertificates | | See 7.10.5. | Optional |
| 0:HasComponent | Method | 0:ApplyChanges | | See 7.10.6. | Mandatory |
| 0:HasComponent | Method | 0:CancelChanges | | See 7.10.8. | Optional |
| 0:HasComponent | Method | 0:CreateSigningRequest | | See 7.10.7. | Mandatory |
| 0:HasComponent | Method | 0:GetRejectedList | | See 7.10.9. | Mandatory |
| 0:HasComponent | Method | 0:ResetToServerDefaults | | See 7.10.10. | Optional |
| 0:HasComponent | Object | 0:CertificateGroups | | 0:CertificateGroupFolderType | Mandatory |
| 0:HasComponent | Object | 0:TransactionDiagnostics | | 0:TransactionDiagnosticsType | Optional |

| Conformance Units |
|---|
| Push Model for Global Certificate and TrustList Management |

The CertificateGroups Object organizes the Certificate Groups supported by the Server. It is described in 7.8.4.6. Servers shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. Servers may support additional Certificate Groups depending on their requirements. For example, a Server with two network interfaces should have a different Trust List for each interface. The second Trust List would be represented as a new CertificateGroupType Object organized by CertificateGroups Folder.

The ApplicationUri Property specifies the ApplicationUri assigned to the Server. It can be updated by a Client with access to the SecurityAdmin Role.

The ProductUri Property specifies the ProductUri for the Server that appears in the ApplicationDescription. It is read-only.

The ApplicationType Property specifies the ApplicationType for the Server that appears in the ApplicationDescription. It is read-only.

The ServerCapabilities Property specifies the capabilities from Annex D which the Server supports. The value is the same as the value reported to the LocalDiscoveryServer when the Server calls the RegisterServer2 Service.

The SupportedPrivateKeyFormats specifies the PrivateKey formats supported by the Server. Possible values include “PEM” (see RFC 5958) or “PFX” (see PKCS #12). The array is empty if the Server does not allow external Clients to update the PrivateKey.

The MaxTrustListSize is the maximum size of the Trust List in bytes. 0 means no limit. The default is 65 535 bytes.

If MulticastDnsEnabled is TRUE then the Server announces itself using multicast DNS. It can be changed by writing to the Variable.

If HasSecureElement is TRUE then the Server has access to hardware based secure storage for the PrivateKeys associated with its Certificates.

The UpdateCertificate Method is used to update a Certificate.

The GetCertificates Method returns the Certificates assigned to each of the CertificateTypes in a CertificateGroup.

The ApplyChanges Method is used to complete changes made to CertificateGroups and/or TrustLists within the context of a transaction.

The CancelChanges Method is used to cancel an existing transaction.

The CreateSigningRequest Method asks the Server to create a PKCS #10 encoded Certificate Request that is signed with the Server’s private key.

The GetRejectedList Method returns the list of Certificates which have been rejected by the Server. It can be used to track activity or allow administrators to move a rejected Certificate into the Trust List. This Method is a shortcut for the GetRejectedList Method (see 7.8.3.2) on the DefaultApplicationGroup CertificateGroup (see 7.8.3.3).

The ResetToServerDefaults Method is used to reset the Server security configuration to a default state.

The TransactionDiagnostics Object reports detailed error information for the current or most recently completed transaction. The TransactionDiagnostics Object is only visible to Clients with access to the SecurityAdmin Role.
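
The following Python example is added here and is not part of the specification. It checks a browsed snapshot of the ServerConfiguration Object against the modelling rules in Table 64 and flags the security-relevant Property values described above. The snapshot shape, the function name and the note strings are assumptions of the example, and the sample data is constructed.

```python
# Modelling rules transcribed from Table 64 (M = Mandatory, O = Optional).
TABLE_64 = {
    "ApplicationUri": "O", "ProductUri": "O", "ApplicationType": "O",
    "ServerCapabilities": "M", "SupportedPrivateKeyFormats": "M",
    "MaxTrustListSize": "M", "MulticastDnsEnabled": "M", "HasSecureElement": "O",
    "UpdateCertificate": "M", "GetCertificates": "O", "ApplyChanges": "M",
    "CancelChanges": "O", "CreateSigningRequest": "M", "GetRejectedList": "M",
    "ResetToServerDefaults": "O", "CertificateGroups": "M",
    "TransactionDiagnostics": "O",
}

def audit_server_configuration(snapshot):
    """Return (missing_mandatory, unexpected, notes) for a browsed snapshot.

    Assumed shape (hypothetical, not defined by the specification): BrowseName
    without the "0:" prefix -> Property value, None for Methods, and a list of
    child group names for the CertificateGroups Object.
    """
    missing = sorted(n for n, rule in TABLE_64.items()
                     if rule == "M" and n not in snapshot)
    unexpected = sorted(n for n in snapshot if n not in TABLE_64)
    notes = []
    formats = snapshot.get("SupportedPrivateKeyFormats")
    if formats is not None:
        # An empty array means external Clients cannot update the PrivateKey.
        notes.append("private-key-push:" + ",".join(formats) if formats
                     else "private-key-push-disabled")
    if snapshot.get("MaxTrustListSize") == 0:
        notes.append("trustlist-unbounded")  # 0 means no limit
    if snapshot.get("MulticastDnsEnabled") is True:
        notes.append("mdns-announce")  # Server announces itself via multicast DNS
    if snapshot.get("HasSecureElement") is False:
        notes.append("no-secure-element")  # no hardware-based PrivateKey storage
    groups = snapshot.get("CertificateGroups")
    if groups is not None and "DefaultApplicationGroup" not in groups:
        notes.append("missing-DefaultApplicationGroup")  # Servers shall support it
    return missing, unexpected, notes

# Constructed sample snapshot; it does not describe any real Server.
SAMPLE = {
    "ServerCapabilities": ["DA"], "SupportedPrivateKeyFormats": ["PEM"],
    "MaxTrustListSize": 0, "MulticastDnsEnabled": True, "HasSecureElement": False,
    "UpdateCertificate": None, "ApplyChanges": None, "CreateSigningRequest": None,
    "CertificateGroups": ["DefaultHttpsGroup"],
}

if __name__ == "__main__":
    print(audit_server_configuration(SAMPLE))
```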