The AddCertificate Method allows a Client to add a single Certificate to the TrustList. The Server shall verify that the Certificate using the validation process defined in OPC 10000-4. If an invalid Certificate is found the Server shall return an error and shall not update the TrustList.

This Method will return a validation error if the Certificate is issued by a CA and the Certificate for the issuer is not in the TrustList.

This Method cannot provide CRLs so issuer Certificates cannot be added with this Method. Instead, CA Certificates and their CRLs shall be managed with the Write Method on the containing TrustList Object.

This Method cannot be called if the containing TrustList Object is open.

This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.7).

This Method returns Bad_NotWritable if the TrustList Object is read only.

For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role (see 7.2).

For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).

Signature

AddCertificate(

[in] ByteString certificate

[in] Boolean isTrustedCertificate

);

Argument

Description

certificate

The DER encoded Certificate to add.

isTrustedCertificate

If TRUE the Certificate is added to the trustedCertificates list.

If FALSE Bad_CertificateInvalid is returned.

Method Result Codes (defined in Call Service)

Result Code

Description

Bad_UserAccessDenied

The current user does not have the rights required.

Bad_CertificateInvalid

The certificate to add is invalid.

Bad_InvalidState

The Open Method was called with write access and the CloseAndUpdate Method has not been called.

Bad_RequestTooLarge

The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server.

Bad_TransactionPending

Transaction has started and ApplyChanges or CancelChanges has not been called.

Bad_SecurityModeInsufficient

The SecureChannel is not authenticated.

Table 25 specifies the AddressSpace representation for the AddCertificate Method.

Table 25 – AddCertificate Method AddressSpace Definition

Attribute

Value

BrowseName

0:AddCertificate

References

NodeClass

BrowseName

DataType

TypeDefinition

ModellingRule

0:HasProperty

Variable

0:InputArguments

0:Argument[]

0:PropertyType

Mandatory