This type is used to serialize a single CertificateGroup configuration. It is defined in Table 44.
This type is used as part of the ApplicationConfigurationDataType defined in 7.10.19, which allows multiple CertificateGroups in a Server to be updated at once.
The Name of the record is the name portion of the BrowseName of the associated CertificateGroup Object in the AddressSpace.
It may not be possible to delete CertificateGroups such as DefaultApplicationGroup.
Note that when a new CertificateGroup is added, Clients need to browse the CertificateGroups folder to discover the NodeId assigned by the Server that is needed for Certificate management Methods.
Each element in the CertificateTypes list shall be unique and not abstract. The set of permitted CertificateTypes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
When the CertificateTypes list is updated, an element that already exists is not changed and an element that does not exist is added as a new CertificateType. Existing CertificateTypes that are not in the list are deleted if no Certificate is assigned. The update is rejected if a Certificate is assigned to a deleted CertificateType. The DeleteCertificate Method is used to remove Certificates.
The Purpose imposes restrictions on the allowed CertificateTypes. The update to the CertificateGroup is rejected if the Purpose is changed and the CertificateTypes are not consistent.
The set of permitted Purposes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
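The update rules above, together with the field constraints in Table 44, as an added Python example (not code from the specification or from any OPC UA stack). The simplified type tree, the type names used in place of NodeIds, and the `Group`, `apply_update` and `UpdateRejected` names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed, simplified type tree: name -> (parent, is_abstract).
# Names stand in for NodeIds; a real Server takes the permitted set from its own model.
TYPES = {
    "CertificateType": (None, True),
    "ApplicationCertificateType": ("CertificateType", True),
    "RsaSha256ApplicationCertificateType": ("ApplicationCertificateType", False),
    "EccNistP256ApplicationCertificateType": ("ApplicationCertificateType", False),
    "HttpsCertificateType": ("CertificateType", False),
}

class UpdateRejected(Exception):
    """Raised when an update violates one of the rules; nothing is applied."""

@dataclass
class Group:
    purpose: str
    assigned: dict  # CertificateType -> IsCertificateAssigned flag

def is_a(type_name, ancestor):
    """True if type_name is ancestor itself or one of its subtypes."""
    while type_name is not None:
        if type_name == ancestor:
            return True
        type_name = TYPES[type_name][0]
    return False

def apply_update(group, purpose, certificate_types):
    """Validate an update and return the new Group; the old one is not modified."""
    if purpose is None or TYPES.get(purpose, (None,))[0] != "CertificateType":
        raise UpdateRejected("Purpose must be a direct subtype of CertificateType")
    if not certificate_types:
        raise UpdateRejected("at least one CertificateType is required")
    if len(set(certificate_types)) != len(certificate_types):
        raise UpdateRejected("CertificateTypes must be unique")
    for t in certificate_types:
        if t not in TYPES or TYPES[t][1]:
            raise UpdateRejected(f"{t} is unknown or abstract")
        if not is_a(t, purpose):
            raise UpdateRejected(f"{t} is not consistent with Purpose {purpose}")
    for t, has_cert in group.assigned.items():
        if t not in certificate_types and has_cert:
            raise UpdateRejected(f"{t} has a Certificate; use DeleteCertificate first")
    # Existing entries keep their state; new entries start without a Certificate.
    # Any IsCertificateAssigned value sent by the Client is ignored during an update.
    return Group(purpose, {t: group.assigned.get(t, False) for t in certificate_types})
```

Validating the whole record before building the new state means a rejected update leaves the existing CertificateGroup, and any Certificates assigned to it, unchanged.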
Table 44 – CertificateGroupDataType Structure
| Name | Type | Description |
|---|---|---|
| CertificateGroupDataType | Structure | Subtype of BaseConfigurationRecordDataType. |
| Purpose | 0:NodeId | This value specifies the purpose of the CertificateGroup. It shall be a direct subtype of CertificateType. All CertificateTypes shall be the CertificateType or a subtype of the CertificateType indicated by the Purpose. For example, if the Purpose is ApplicationCertificateType then the CertificateGroup is used to specify Certificates used as ApplicationInstance Certificates. A null value is not valid. |
| CertificateTypes | 0:NodeId[] | The list of CertificateTypes supported by the CertificateGroup. At least one element shall be provided. |
| IsCertificateAssigned | 0:Boolean[] | A list of flags indicating whether the CertificateType has a Certificate assigned. The length of this list shall be the same as the CertificateTypes list. This value is ignored during an update. |
| ValidationOptions | TrustListValidationOptions | The validation options that are used when validating Certificates associated with the TrustList. |
Its representation in the AddressSpace is defined in Table 45.
Table 45 – CertificateGroupDataType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:CertificateGroupDataType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:BaseConfigurationRecordDataType defined in 7.8.5.5. | | | | | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |