The common information model defines types that are used in both the Push and the Pull Model.
This type defines a FileType that can be used to access a Trust List.
The CertificateManager uses this type to implement the Pull Model.
Servers use this type when implementing the Push Model.
An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a Trust List, it may be an Administrative user that is reading a TrustList to deploy to an Application host or it may be an Application that can only access the TrustList assigned to it.
The TrustList file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.8.2.6).
The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06).
If a transaction is in progress (see 7.10.6) then the Server shall return Bad_TransactionPending if Open is called with Write Mode bit set.
Servers shall automatically Close TrustLists if there are no calls to Methods on the TrustList Object within the time specified by the ActivityTimeout Property.
The Size Property inherited from FileType has no meaning for TrustList and returns the error code defined in OPC 10000-20.
When a Client opens the file for writing the Server will not actually update the TrustList until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in TrustListDataType structure allow the Client to only update part of the Trust List.
When the CloseAndUpdate Method is called the Server will validate all new Certificates and CRLs. If this validation fails the TrustList is not updated and the Server returns the appropriate Certificate error code (see OPC 10000-4).
Table 22 – TrustListType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:TrustListType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:FileType defined in OPC 10000-20. |
|||||
|
0:HasProperty |
Variable |
0:LastUpdateTime |
0:UtcTime |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:UpdateFrequency |
0:Duration |
0:PropertyType |
Optional |
|
0:HasProperty |
Variable |
0:ActivityTimeout |
0:Duration |
0:PropertyType |
Optional |
|
0:HasProperty |
Variable |
0:DefaultValidationOptions |
TrustListValidationOptions |
0:PropertyType |
Optional |
|
0:HasComponent |
Method |
0:OpenWithMasks |
Defined in 7.8.2.2. |
Mandatory |
|
|
0:HasComponent |
Method |
0:CloseAndUpdate |
Defined in 7.8.2.3. |
Mandatory |
|
|
0:HasComponent |
Method |
0:AddCertificate |
Defined in 7.8.2.4. |
Mandatory |
|
|
0:HasComponent |
Method |
0:RemoveCertificate |
Defined in 7.8.2.5. |
Mandatory |
|
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
The LastUpdateTime indicates when the TrustList was last updated. The LastUpdateTime shall reflect changes made using the TrustList Object Methods. A TrustList Object in a CertificateManager shall also reflect changes made in other ways.
The LastUpdateTime of a TrustList Object in a CertificateManager allows Clients using the PullManagement to know whether the TrustList has changed since the last time they accessed it. The LastUpdateTime of a TrustList Object in the ServerConfiguration allows administration Clients to check for out of date TrustLists.
The UpdateFrequency Property specifies how often the TrustList needs to be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the TrustList should connect to the CertificateManager and check for updates to the TrustList within 2 times the UpdateFrequency. The choice of UpdateFrequency depends on how quickly system changes need to be detected and the performance constraints of the system. UpdateFrequencies that are too long create security risks because of out of date CRLs. UpdateFrequencies that are too short negatively impact system performance. If the TrustList Object is contained within a ServerConfiguration Object then this Property is not present.
The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the TrustList Object after Open or OpenWithMasks is called. If this time elapses the TrustList is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).
The DefaultValidationOptions Property specifies the default options to use when validating Certificates with the TrustList. The TrustListValidationOptions DataType is defined in 7.8.2.8. This Property may be updated by Clients with access to the SecurityAdmin Role.
If auditing is supported, the CertificateManager shall generate the TrustListUpdated AuditEventType (see 7.8.2.11) when the CloseAndUpdate, AddCertificate or RemoveCertificate Methods are called.
The OpenWithMasks Method allows a Client to read only the portion of the Trust List.
This Method can only be used to read the Trust List.
After calling this Method, the Client calls Read one or more times to get the TrustList. If the Server is able to detect out of band changes to theTrustList before the Client calls the Close Method, then the next Read returns Bad_InvalidState. If the Server cannot detect out of band changes it shall ensure the Client receives a consistent snapshot.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role, the ApplicationSelfAdmin Privilege, or the ApplicationAdmin Privilege (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
OpenWithMasks(
[in] UInt32 masks
[out] UInt32 fileHandle
);
|
Argument |
Description |
|
masks |
The parts of the TrustList that are include in the file to read. The masks are defined in 7.8.2.7. |
|
fileHandle |
The handle of the newly opened file. |
Method Result Codes (defined in Call Service)
|
Result Code |
Description |
|
Bad_UserAccessDenied |
The current user does not have the rights required. |
|
Bad_InvalidState |
The TrustList has already been opened. |
|
Bad_TransactionPending |
The TrustList cannot be opened because it is part of a transaction is in progress. |
Table 23 specifies the AddressSpace representation for the OpenWithMasks Method.
Table 23 – OpenWithMasks Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:OpenWithMasks |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
The CloseAndUpdate Method closes the TrustList and applies the changes to the TrustList. It can only be called if the TrustList was opened for writing. If the Close Method is called any cached data is discarded and the TrustList is not changed.
If only part of the TrustList is being updated the Server creates a new TrustList that includes the existing TrustList plus any updates and validates the new TrustList.
The Server shall verify that every Certificate in the new TrustList is valid using the validation process defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not replace the existing TrustList.
If the Server does not support transactions it applies the changes immediately and sets applyChangesRequired to FALSE. If the Server supports transactions then the Server creates a new transaction or continues an existing transaction and sets applyChangesRequired to TRUE.
If a transaction exists, the Server does not update the TrustList until ApplyChanges (see 7.10.6) is called. Any Clients that read the TrustList before ApplyChanges is called will receive the existing TrustList before the transaction started.
If errors occur, the new TrustList is discarded.
When the TrustList changes the Server shall re-evaluate the Certificate associated with any open Sessions. Sessions with an untrusted or revoked Certificate shall be closed.
The structure uploaded includes a mask (see 7.8.2.7) which specifies which fields are updated. If a bit is not set then the associated field is not changed.
Signature
CloseAndUpdate(
[in] UInt32 fileHandle
[out] Boolean applyChangesRequired
);
|
Argument |
Description |
|
fileHandle |
The handle of the previously opened file. |
|
applyChangesRequired |
If TRUE the ApplyChanges Method (see 7.10.6) shall be called before the new TrustList will be used by the Server. If FALSE the TrustList is now in use. |
Method Result Codes (defined in Call Service)
|
Result Code |
Description |
|
Bad_UserAccessDenied |
The current user does not have the rights required. |
|
Bad_CertificateInvalid |
The Server could not validate all Certificates in the TrustList. The DiagnosticInfo shall specify which Certificate(s) are invalid and the specific error. |
|
Bad_ChangesPending |
Table 24 specifies the AddressSpace representation for the CloseAndUpdate Method.
Table 24 – CloseAndUpdate Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:CloseAndUpdate |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
The AddCertificate Method allows a Client to add a single Certificate to the Trust List. The Server shall verify that the Certificate using the validation process defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not update the Trust List.
This Method will return a validation error if the Certificate is issued by a CA and the Certificate for the issuer is not in the Trust List.
This Method cannot provide CRLs so issuer Certificates cannot be added with this Method. Instead, CA Certificates and their CRLs shall be managed with the Write Method on the containing TrustList Object.
This Method cannot be called if the containing TrustList Object is open.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.6).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
AddCertificate(
[in] ByteString certificate
[in] Boolean isTrustedCertificate
);
|
Argument |
Description |
|
certificate |
The DER encoded Certificate to add. |
|
isTrustedCertificate |
If TRUE the Certificate is added to the trustedCertificates list. If FALSE Bad_CertificateInvalid is returned. |
Method Result Codes (defined in Call Service)
|
Result Code |
Description |
|
Bad_UserAccessDenied |
The current user does not have the rights required. |
|
Bad_CertificateInvalid |
The certificate to add is invalid. |
|
Bad_InvalidState |
The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
|
Bad_TransactionPending |
Transaction has started and ApplyChanges or CancelChanges has not been called. |
Table 25 specifies the AddressSpace representation for the AddCertificate Method.
Table 25 – AddCertificate Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:AddCertificate |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
The RemoveCertificate Method allows a Client to remove a single Certificate from the Trust List. It returns Bad_InvalidArgument if the thumbprint does not match a Certificate in the Trust List.
If the Certificate is a CA Certificate that has CRLs then all CRLs for that CA are removed as well.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.6).
This Method returns Bad_NotWritable if the TrustList Object is read only.For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the SecurityAdmin Role (see 7.2).
Signature
RemoveCertificate(
[in] String thumbprint
[in] Boolean isTrustedCertificate
);
|
Argument |
Description |
|
Thumbprint |
The CertificateDigest of the Certificate to remove. |
|
isTrustedCertificate |
If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
|
Result Code |
Description |
|
Bad_UserAccessDenied |
The current user does not have the rights required. |
|
Bad_InvalidArgument |
The certificate to remove was not found. |
|
Bad_InvalidState |
The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
|
Bad_TransactionPending |
Transaction has started and ApplyChanges or CancelChanges has not been called. |
Table 26 specifies the AddressSpace representation for the RemoveCertificate Method.
Table 26 – RemoveCertificate Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:RemoveCertificate |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:InputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
This type defines a DataType which stores the TrustList of a Server. Its values are defined in Table 27.
Table 27 – TrustListDataType Structure
|
Name |
Type |
Description |
|
TrustListDataType |
Structure |
Subtype of the Structure DataType defined in OPC 10000-5 |
|
specifiedLists |
UInt32 |
A bit mask which indicates which lists contain information. The TrustListMasks enumeration in 7.8.2.7 defines the allowed values. |
|
trustedCertificates |
ByteString[] |
The list of Application and CA Certificates which are trusted. |
|
trustedCrls |
ByteString[] |
The CRLs for the Certificates in the trustedCertificates list. |
|
issuerCertificates |
ByteString[] |
The list of CA Certificates which are necessary to validate Certificates. |
|
issuerCrls |
ByteString[] |
The CRLs for the CA Certificates in the issuerCertificates list. |
Its representation in the AddressSpace is defined in Table 28.
Table 28 – TrustListDataType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:TrustListDataType |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:Structure DataType defined in OPC 10000-5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This is a DataType that defines the values used for the SpecifiedLists field in the TrustListDataType. Its values are defined in Table 29.
Table 29 – TrustListMasks Enumeration
|
Name |
Value |
Description |
|
None |
0 |
No fields are provided. |
|
TrustedCertificates |
1 |
The TrustedCertificates are provided. |
|
TrustedCrls |
2 |
The TrustedCrls are provided. |
|
IssuerCertificates |
4 |
The IssuerCertificates are provided. |
|
IssuerCrls |
8 |
The IssuerCrls are provided. |
|
All |
15 |
All fields are provided. |
Its representation in the AddressSpace is defined in Table 30.
Table 30 – TrustListMasks Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:TrustListMasks |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the Enumeration DataType defined in OPC 10000-5. |
||||||
|
0:HasProperty |
Variable |
0:EnumValues |
0:EnumValueType [] |
0:PropertyType |
|
|
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This DataType defines flags for TrustListValidationOptions is formally defined in Table 31.
Table 31 – TrustListValidationOptions Values
|
Value |
Bit No. |
Description |
|
SuppressCertificateExpired |
0 |
Ignore errors related to the validity time of the Certificate. |
|
SuppressHostNameInvalid |
1 |
Ignore mismatches between the host name or ApplicationUri. |
|
SuppressRevocationStatusUnknown |
2 |
Ignore errors if the revocation list cannot be found for the issuer of the Certificate. |
|
SuppressIssuerCertificateExpired |
3 |
Ignore errors if an issuer has an expired Certificate. |
|
SuppressIssuerRevocationStatusUnknown |
4 |
Ignore errors if the revocation list cannot be found for any issuer of issuer Certificates. |
|
CheckRevocationStatusOnline |
5 |
Check the revocation status online. |
|
CheckRevocationStatusOffline |
6 |
Check the revocation status offline. |
If CheckRevocationStatusOnline is set, the Certificate validation process defined in OPC 10000-4 will look for the authorityInformationAccess extension to find an OCSP (RFC 6960) endpoint which can be used to determine if the Certificate has been revoked.
If the OCSP endpoint is not reachable then the Certificate validation process looks for offline CRLs if the CheckRevocationStatusOffline bit is set. Otherwise, validation fails.
The revocation status flags only have meaning for issuer Certificates and are used when validating Certificates issued by that issuer.
The default value for this DataType only has the CheckRevocationStatusOffline bit set.
The TrustListValidationOptions representation in the AddressSpace is defined in Table 32.
Table 32 – TrustListValidationOptions Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:TrustListValidationOptions |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Other |
|
|
Subtype of the 0:UInt32 DataType defined in OPC 10000-5 |
||||||
|
0:HasProperty |
Variable |
0:OptionSetValues |
0:LocalizedText [] |
0:PropertyType |
|
|
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This SystemOffNormalAlarmType is raised by the Server when the UpdateFrequency elapses and the TrustList has not been updated. This alarm automatically returns to normal when the TrustList is updated.
Table 33 – TrustListOutOfDateAlarmType definition
|
Attribute |
Value |
||||
|
BrowseName |
0:TrustListOutOfDateAlarmType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
Subtype of the SystemOffNormalAlarmType defined in OPC 10000-9. |
|||||
|
0:HasProperty |
Variable |
0:TrustListId |
0:NodeId |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:LastUpdateTime |
0:UtcTime |
0:PropertyType |
Mandatory |
|
0:HasProperty |
Variable |
0:UpdateFrequency |
0:Duration |
0:PropertyType |
Mandatory |
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
TrustListId Property specifies the NodeId of the out-of-date TrustList Object.
LastUpdateTime Property specifies when the TrustList was last updated.
UpdateFrequency Property specifies how frequently the TrustList needs to be updated.
This event is raised when a Method that changes the TrustList is called
It is raised when CloseAndUpdate, AddCertificate or RemoveCertificate Method on a TrustListType Object is called.
Its representation in the AddressSpace is formally defined in Table 34.
Table 34 – TrustListUpdateRequestedAuditEventType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:TrustListUpdateRequestedAuditEventType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
|
Subtype of the 0:AuditUpdateMethodEventType defined in OPC 10000-5. |
||||||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantic is defined in OPC 10000-5.
This event is raised when a TrustList is successfully changed.
This is the result of a CloseAndUpdate Method on a TrustListType Object or the result of a ApplyChanges on the ServerConfigurationType Object being called.
It shall also be raised when the AddCertificate or RemoveCertificate Method causes an update to the Trust List.
Its representation in the AddressSpace is formally defined inTable 35.
Table 35 – TrustListUpdatedAuditEventType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:TrustListUpdatedAuditEventType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
|
Subtype of the 0:AuditEventType defined in OPC 10000-5. |
||||||
|
0:HasProperty |
Variable |
0:TrustListId |
0:NodeId |
0:PropertyType |
Mandatory |
|
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This EventType inherits all Properties of the AuditEventType. Their semantic is defined in OPC 10000-5.
This ObjectType is used for Objects which represent CertificateGroups in the AddressSpace. A CertificateGroup is a context that contains a TrustList and one or more CertificateTypes that can be assigned to an Application. This ObjectType allows an Application which has multiple TrustLists and/or ApplicationInstance Certificates to express them in its AddressSpace.
A CertificateManager can have many CertificateGroups which manage CertificateTypes and TrustLists for the applications in the system.
A Server has one or more CertificateGroups which specify the CertificateTypes and TrustLists managed by the Server. Typically, there is a mapping between a CertificateGroup in a Server and a CertificateGroup in the CertificateManager. The mechanisms for creating that mapping are outside the scope of this specification.
This type is defined in Table 36.
Table 36 – CertificateGroupType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:CertificateGroupType |
|||||
|
IsAbstract |
False |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
|
Subtype of the BaseObjectType defined in OPC 10000-5. |
||||||
|
|
||||||
|
0:HasComponent |
Object |
0:TrustList |
|
0:TrustListType |
Mandatory |
|
|
0:HasProperty |
Variable |
0:CertificateTypes |
0:NodeId[] |
0:PropertyType |
Mandatory |
|
|
0:HasComponent |
Object |
0:CertificateExpired |
|
0:CertificateExpirationAlarmType |
Optional |
|
|
0:HasCondition |
ObjectType |
0:CertificateExpirationAlarmType |
|
|
|
|
|
0:HasComponent |
Object |
0:TrustListOutOfDate |
|
0:TrustListOutOfDateAlarmType |
Optional |
|
|
0:HasComponent |
Method |
0:GetRejectedList |
Defined in 7.8.3.2. |
Optional |
||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
The TrustList Object is the TrustList associated with the CertificateGroup.
The CertificateTypes Property specifies the NodeIds of the CertificateTypes which may be assigned to Applications which belong to the CertificateGroup. For example, a CertificateGroup with the NodeId of RsaMinApplicationCertificateType (see 7.8.4.4) and the NodeId RsaSha256ApplicationCertificate (see 7.8.4.5) specified allows an Application to have one Application Instance Certificates for each type. Abstract base types may be used in this value and indicate that any subtype is allowed. If this list is empty then the CertificateGroup does not allow Certificates to be assigned to Applications (i.e. a UserToken CertificateGroup only exists to allow the associated TrustList to be read or updated). All CertificateTypes for a given CertificateGroup shall be subtypes of a single common type which shall be either ApplicationCertificateType or HttpsCertificateType.
The CertificateExpired Object is an Alarm which is raised when a Certificate associated with the CertificateGroup is about to expire. If multiple Certificates are about to expiry an Alarm for each Certificate is raised. The CertificateExpirationAlarmType is defined in OPC 10000-9.
The TrustListOutOfDate Object is an Alarm which is raised when the TrustList has not been updated within the period specified by the UpdateFrequency (see 7.8.2.1). The TrustListOutOfDateAlarmType is defined in 7.8.2.9.
The GetRejectedList Method returns the list of Certificates that have been rejected by the Server when using the TrustList associated with the CertificateGroup. It can be used to track activity or allow administrators to move a rejected Certificate into the Trust List. This Method shall only be present on CertificateGroups which are part of the ServerConfiguration Object defined in 7.10.2.
GetRejectedList Method returns the list of Certificates that have been rejected by the Server.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers can delete entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
Servers only add Certificates to this list that have no unsuppressed validation errors but are not trusted.
For PullManagement, this Method is not present on the CertificateGroup.
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
GetRejectedList(
[out] ByteString[] certificates
);
|
Argument |
Description |
|
certificates |
The DER encoded form of the Certificates rejected by the Server. |
Method Result Codes (defined in Call Service)
|
Result Code |
Description |
|
Bad_UserAccessDenied |
The current user does not have the rights required. |
Table 37 specifies the AddressSpace representation for the GetRejectedList Method.
Table 37 – GetRejectedList Method AddressSpace Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:GetRejectedList |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument[] |
0:PropertyType |
Mandatory |
This type is used for Folders which organize Certificate Groups in the AddressSpace. This type is defined in Table 38.
Table 38 – CertificateGroupFolderType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:CertificateGroupFolderType |
||||
|
IsAbstract |
False |
||||
|
References |
Node Class |
BrowseName |
Data Type |
TypeDefinition |
Modelling Rule |
|
Subtype of the FolderType defined in OPC 10000-5. |
|||||
|
|
|||||
|
0:HasComponent |
Object |
0:DefaultApplicationGroup |
|
0:CertificateGroupType |
Mandatory |
|
0:HasComponent |
Object |
0:DefaultHttpsGroup |
|
0:CertificateGroupType |
Optional |
|
0:HasComponent |
Object |
0:DefaultUserTokenGroup |
|
0:CertificateGroupType |
Optional |
|
0:Organizes |
Object |
0:<AdditionalGroup> |
|
0:CertificateGroupType |
OptionalPlaceholder |
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
The DefaultApplicationGroup Object represents the default Certificate Group for Applications. It is used to access the default Application Trust List and to define the CertificateTypes allowed for the ApplicationInstanceCertificate. This Object shall specify the ApplicationCertificateType NodeId (see 7.8.4.2) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of ApplicationCertificateType.
The DefaultHttpsGroup Object represents the default Certificate Group for HTTPS communication. It is used to access the default HTTPS Trust List and to define the CertificateTypes allowed for the HTTPS Certificate. This Object shall specify the HttpsCertificateType NodeId (see 7.8.4.3) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of HttpsCertificateType.
This DefaultUserTokenGroup Object represents the default Certificate Group for validating user credentials. It is used to access the default user credential Trust List and to define the CertificateTypes allowed for user credentials Certificate. This Object shall leave CertificateTypes list empty.
This type is an abstract base type for types that describe the purpose of a Certificate. This type is defined in Table 39.
Table 39 – CertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:CertificateType |
||||
|
IsAbstract |
True |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:BaseObjectType defined in OPC 10000-5. |
|||||
|
0:HasSubtype |
ObjectType |
0:ApplicationCertificateType |
Defined in 7.8.4.2. |
||
|
0:HasSubtype |
ObjectType |
0:HttpsCertificateType |
Defined in 7.8.4.3. |
||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is an abstract base type for types that describe the purpose of an ApplicationInstanceCertificate. This type is defined in Table 40.
Table 40 – ApplicationCertificateType Definition
|
Attribute |
Value |
|||||
|
BrowseName |
0:ApplicationCertificateType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
|
Subtype of the CertificateType defined in 7.8.4. |
||||||
|
0:HasSubtype |
ObjectType |
0:RsaMinApplicationCertificateType |
Defined in 7.8.4.4. |
|||
|
0:HasSubtype |
ObjectType |
0:RsaSha256ApplicationCertificateType |
Defined in 7.8.4.5. |
|||
|
0:HasSubtype |
ObjectType |
0:EccApplicationCertificateType |
Defined in 7.8.4.6. |
|||
|
|
||||||
|
Conformance Units |
||||||
|
GDS Certificate Manager Pull Model |
||||||
|
Push Model for Global Certificate and TrustList Management |
||||||
This type is used to describe Certificates that are intended for use as HTTPS Certificates. This type is defined in Table 41.
Table 41 – HttpsCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:HttpsCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:CertificateType defined in 7.8.4. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 1024 or 2048 bits. All Applications which support the Basic128Rsa15 and Basic256 profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 42.
Table 42 – RsaMinApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:RsaMinApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 2048, 3072 or 4096 bits. All Applications which support the Basic256Sha256 profile (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 43.
Table 43 – RsaSha256ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:RsaSha256ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC Public Key. Applications which support the ECC profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 44.
Table 44 – EccApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP256 Public Key. Applications which support the ECC NIST P256 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccNistP384ApplicationCertificateType defined in 7.8.4.8. This type is defined in Table 45.
Table 45 – EccNistP256ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccNistP256ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP384 Public Key. Applications which support the ECC NIST P384 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 46.
Table 46 – EccNistP384ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccNistP384ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP256r1 Public Key. Applications which support the ECC brainpoolP256r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccBrainpoolP384r1ApplicationCertificateType defined in 7.8.4.10. This type is defined in Table 47.
Table 47 – EccBrainpoolP256r1ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccBrainpoolP256r1ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP384r1 Public Key. Applications which support the ECC brainpoolP384r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 48.
Table 48 – EccBrainpoolP384r1ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccBrainpoolP384r1ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve25519 Public Key. Applications which support the ECC curve25519 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 49.
Table 49 – EccCurve25519ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccCurve25519ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve448 Public Key. Applications which support the ECC curve448 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 50.
Table 50 – EccCurve448ApplicationCertificateType Definition
|
Attribute |
Value |
||||
|
BrowseName |
0:EccCurve448ApplicationCertificateType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.6. |
|||||
|
|
|||||
|
Conformance Units |
|||||
|
GDS Certificate Manager Pull Model |
|||||
|
Push Model for Global Certificate and TrustList Management |
|||||