This type defines a concrete ObjectType which represents the configuration of the local Server that supports PushManagement. The ServerConfiguration Object (see 7.10.4) is the single instance of this Object that appears in the Server AddressSpace.
Its components are defined in Table 87.
Table 87 – ServerConfigurationType Definition

| Attribute | Value |
|---|---|
| BrowseName | 0:ServerConfigurationType |
| IsAbstract | False |

Subtype of the BaseObjectType defined in OPC 10000-5.

| References | NodeClass | BrowseName | DataType | Type Definition | Modelling Rule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:ApplicationUri | 0:UriString | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ProductUri | 0:UriString | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ApplicationType | 0:ApplicationType | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ApplicationNames | 0:LocalizedText[] | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ServerCapabilities | 0:String[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:SupportedPrivateKeyFormats | 0:String[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:MaxTrustListSize | 0:UInt32 | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:MulticastDnsEnabled | 0:Boolean | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:HasSecureElement | 0:Boolean | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:SupportsTransactions | 0:Boolean | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:InApplicationSetup | 0:Boolean | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:UpdateCertificate | See 7.10.5. | | Mandatory |
| 0:HasComponent | Method | 0:CreateSelfSignedCertificate | See 7.10.6. | | Optional |
| 0:HasComponent | Method | 0:DeleteCertificate | See 7.10.7. | | Optional |
| 0:HasComponent | Method | 0:GetCertificates | See 7.10.8. | | Optional |
| 0:HasComponent | Method | 0:ApplyChanges | See 7.10.9. | | Mandatory |
| 0:HasComponent | Method | 0:CancelChanges | See 7.10.11. | | Optional |
| 0:HasComponent | Method | 0:CreateSigningRequest | See 7.10.10. | | Mandatory |
| 0:HasComponent | Method | 0:GetRejectedList | See 7.10.12. | | Mandatory |
| 0:HasComponent | Method | 0:ResetToServerDefaults | See 7.10.13. | | Optional |
| 0:HasComponent | Object | 0:CertificateGroups | | 0:CertificateGroupFolderType | Mandatory |
| 0:HasComponent | Object | 0:TransactionDiagnostics | | 0:TransactionDiagnosticsType | Optional |
| 0:HasComponent | Object | 0:ConfigurationFile | | 0:ApplicationConfigurationFileType | Optional |

Conformance Units: Push Model for Global Certificate and TrustList Management
The ApplicationUri Property specifies the ApplicationUri assigned to the application.
The ProductUri Property specifies the ProductUri for the application that appears in the ApplicationDescription.
The ApplicationType Property specifies whether the Application is a Client, a Server or both. Applications which do not support OPC UA specify an ApplicationType of Client. Note that non-OPC UA applications often have network endpoints; however, from the perspective of the CertificateManager, the applications are not Servers.
The ApplicationNames Property is a list of localized names for the application that may be used when registering with a GDS.
The ServerCapabilities Property specifies the capabilities from Annex D which the Server supports. The value is the same as the value reported to the LocalDiscoveryServer when the Server calls the RegisterServer2 Service.
The SupportedPrivateKeyFormats specifies the PrivateKey formats supported by the Server. Possible values include “PEM” (see RFC 5958), “PFX” (see PKCS #12) or “PKCS8” (see PKCS #8). The array is empty if the Server does not allow external Clients to update the PrivateKey.
The MaxTrustListSize is the maximum size of the TrustList in bytes. 0 means no limit. The default is 65 535 bytes.
If MulticastDnsEnabled is TRUE then the application announces itself using multicast DNS. It can be changed by writing to the Variable.
If HasSecureElement is TRUE then the application has access to hardware based secure storage for the PrivateKeys associated with its Certificates.
If the SupportsTransactions Property is TRUE, the Server supports the transaction lifecycle defined in 7.10.2. If it is FALSE or not present, the Server only supports delaying application of changes until ApplyChanges is called.
If the InApplicationSetup Property is TRUE then the Server is in the application setup state described in G.2.
The UpdateCertificate Method is used to update a Certificate.
The CreateSelfSignedCertificate Method creates a new self-signed Certificate assigned to a CertificateType in a CertificateGroup.
The DeleteCertificate Method deletes a Certificate that is currently assigned to a CertificateType in a CertificateGroup.
The GetCertificates Method returns the Certificates assigned to each of the CertificateTypes in a CertificateGroup.
The ApplyChanges Method is used to complete changes made to CertificateGroups and/or TrustLists within the context of a transaction.
The CancelChanges Method is used to cancel an existing transaction.
The CreateSigningRequest Method asks the Server to create a PKCS #10 encoded Certificate Request that is signed with the Server’s private key.
The GetRejectedList Method returns the list of Certificates which have been rejected by the Server. It can be used to track activity or allow administrators to move a rejected Certificate into the TrustList. This Method is a shortcut for the GetRejectedList Method (see 7.8.3.2) on the DefaultApplicationGroup CertificateGroup (see 7.8.3.3).
The ResetToServerDefaults Method is used to reset the application security configuration to a default state.
The CertificateGroups Object organizes the CertificateGroups supported by the application. It is described in 7.8.4.10. All applications shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. Applications may support additional CertificateGroups depending on their requirements. For example, a Server with two network interfaces should have a different TrustList for each interface. The second TrustList would be represented as a new CertificateGroupType Object organized by the CertificateGroups Folder.
The TransactionDiagnostics Object reports detailed error information for the current or most recently completed transaction. The TransactionDiagnostics Object is only visible to Clients with access to the SecurityAdmin Role.
The ConfigurationFile Object allows the current configuration to be read and updated.
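
The following is an added example, not part of the specification: a configuration audit that checks a browsed ServerConfiguration Object for the Mandatory members of Table 87 and reports the security-relevant Property values described above. The snapshot dictionary layout, the function name and the sample values are assumptions of this example.

```python
# Added example: audit a browsed ServerConfiguration Object against Table 87.
# The snapshot dict layout is an assumption of this example, not an OPC UA API.
MANDATORY = {
    "ServerCapabilities", "SupportedPrivateKeyFormats", "MaxTrustListSize",
    "MulticastDnsEnabled", "UpdateCertificate", "ApplyChanges",
    "CreateSigningRequest", "GetRejectedList", "CertificateGroups",
}
NAMED_KEY_FORMATS = {"PEM", "PFX", "PKCS8"}  # values named in the text
DEFAULT_MAX_TRUSTLIST = 65535                # default stated in the text


def audit_server_configuration(children):
    """children maps BrowseName (namespace 0, prefix dropped) to the Property
    value, or None for Methods and Objects. Returns (severity, message) pairs."""
    findings = [("error", f"mandatory member {name} is missing")
                for name in sorted(MANDATORY - set(children))]

    formats = children.get("SupportedPrivateKeyFormats")
    if formats is not None:
        if not formats:  # empty array has a defined meaning
            findings.append(("info", "external Clients cannot update the PrivateKey"))
        for fmt in sorted(set(formats) - NAMED_KEY_FORMATS):
            findings.append(("info", f"PrivateKey format {fmt!r} is not one named in the text"))

    size = children.get("MaxTrustListSize")
    if size == 0:  # 0 means no limit
        findings.append(("warn", "MaxTrustListSize is 0: TrustList size is unlimited"))
    elif size is not None and size != DEFAULT_MAX_TRUSTLIST:
        findings.append(("info", f"MaxTrustListSize is {size} bytes (default 65535)"))

    if children.get("MulticastDnsEnabled") is True:
        findings.append(("info", "application announces itself using multicast DNS"))
    if not children.get("SupportsTransactions"):  # FALSE or not present
        findings.append(("info", "changes are only delayed until ApplyChanges is called"))
    if children.get("HasSecureElement") is not True:
        findings.append(("info", "no hardware based secure storage reported for PrivateKeys"))
    if children.get("InApplicationSetup") is True:
        findings.append(("warn", "Server is in the application setup state"))
    return findings


# Constructed sample snapshot (not captured from a real Server).
SAMPLE = {
    "ServerCapabilities": ["DA"], "SupportedPrivateKeyFormats": ["PEM", "DER"],
    "MaxTrustListSize": 0, "MulticastDnsEnabled": True,
    "UpdateCertificate": None, "ApplyChanges": None,
    "CreateSigningRequest": None, "CertificateGroups": None,
}
```

Calling `audit_server_configuration(SAMPLE)` reports the missing GetRejectedList Method as an error and the unlimited TrustList size as a warning; the other entries are informational.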