This DataType defines flags for TrustListValidationOptions. It is formally defined in Table 31.

Table 31 – TrustListValidationOptions Values

| Value | Bit No. | Description |
|---|---|---|
| SuppressCertificateExpired | 0 | Ignore errors related to the validity time of the Certificate. |
| SuppressHostNameInvalid | 1 | Ignore mismatches between the host name or ApplicationUri. |
| SuppressRevocationStatusUnknown | 2 | Ignore errors if the revocation list cannot be found for the issuer of the Certificate. |
| SuppressIssuerCertificateExpired | 3 | Ignore errors if an issuer has an expired Certificate. |
| SuppressIssuerRevocationStatusUnknown | 4 | Ignore errors if the revocation list cannot be found for any issuer of issuer Certificates. |
| CheckRevocationStatusOnline | 5 | Check the revocation status online. |
| CheckRevocationStatusOffline | 6 | Check the revocation status offline. |

If CheckRevocationStatusOnline is set, the Certificate validation process defined in OPC 10000-4 will look for the authorityInformationAccess extension to find an OCSP (RFC 6960) endpoint which can be used to determine if the Certificate has been revoked.

If the OCSP endpoint is not reachable then the Certificate validation process looks for offline CRLs if the CheckRevocationStatusOffline bit is set. Otherwise, validation fails.

The revocation status flags only have meaning for issuer Certificates and are used when validating Certificates issued by that issuer.

The default value for this DataType only has the CheckRevocationStatusOffline bit set.
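The flag layout in Table 31 and the OCSP-to-CRL fallback described above, as an added example (not part of the specification or of any OPC UA stack's API). The function names, the `ocsp_reachable` parameter, the review findings and the `'none'` result for a value with neither check bit set are assumptions made for illustration.

```python
from enum import IntFlag


class TrustListValidationOptions(IntFlag):
    """Bit positions as listed in Table 31."""
    SuppressCertificateExpired = 1 << 0
    SuppressHostNameInvalid = 1 << 1
    SuppressRevocationStatusUnknown = 1 << 2
    SuppressIssuerCertificateExpired = 1 << 3
    SuppressIssuerRevocationStatusUnknown = 1 << 4
    CheckRevocationStatusOnline = 1 << 5
    CheckRevocationStatusOffline = 1 << 6


T = TrustListValidationOptions
DEFAULT = T.CheckRevocationStatusOffline  # default value: only bit 6 set
DEFINED_MASK = 0x7F                       # bits 0..6 are the ones Table 31 defines


def revocation_source(options, ocsp_reachable):
    """Return which revocation source the fallback rules select.

    'ocsp', 'crl' and 'fail' follow the text. 'none' is an assumption:
    the page does not say what happens when neither check bit is set.
    """
    opts = int(options)
    if opts & T.CheckRevocationStatusOnline:
        if ocsp_reachable:
            return "ocsp"
        # OCSP endpoint unreachable: CRLs are used only if the offline bit is set.
        return "crl" if opts & T.CheckRevocationStatusOffline else "fail"
    if opts & T.CheckRevocationStatusOffline:
        return "crl"
    return "none"


def review(options):
    """List what a configured UInt32 value relaxes (finding texts are constructed)."""
    opts = int(options)
    findings = [f.name for f in T if opts & f and f.name.startswith("Suppress")]
    if not opts & (T.CheckRevocationStatusOnline | T.CheckRevocationStatusOffline):
        findings.append("no revocation check bit set")
    if opts & ~DEFINED_MASK:
        findings.append("undefined bits set: 0x%X" % (opts & ~DEFINED_MASK))
    return findings
```

`review` is meant for a value read from a TrustList configuration during an audit: an empty list means no Suppress bit is set and at least one revocation check bit is enabled.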

The TrustListValidationOptions representation in the AddressSpace is defined in Table 32.

Table 32 – TrustListValidationOptions Definition

| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListValidationOptions |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:UInt32 DataType defined in OPC 10000-5 | | | | | |
| 0:HasProperty | Variable | 0:OptionSetValues | 0:LocalizedText [] | 0:PropertyType | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |