Search

Scope: Core (OPC-10000-*) All specs

9 result(s) for Certificate.

OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.3 ApplicationInstanceCertificate

ApplicationInstanceCertificate An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6 . Table ... Table 110 - ApplicationInstanceCertificate Name Type Description ApplicationInstanceCertificate structure ApplicationInstanceCertificate with signature created by a Certificate Authority . version String An identifier for the version of the Certificate encoding. serialNumber ByteString
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.2.6 Certificate Chains

Certificate Chains Any X.509 v3 Certificate may be signed by CA which means that validating the signature requires access to the X.509 v3 Certificate belonging to the signing CA. Whenever ... application validates a Certificate (see OPC 10000-4 ) it shall recursively build a chain of Certificates by finding the issuer Certificate , validating the Certificate and then repeat the process
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

7.5.3 Security

Security The WebSockets protocol requires that the Server have a Certificate , however, the Client may have a Certificate . The Server Certificate should have the domain name as the common name ... component of the subject name however, Clients that are able to override the Certificate validation procedure can choose to accept Certificates with a domain mismatch. When using the WebSockets transport
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.9.2 CertificateDirectoryType

TypeDefinition for the root of the CertificateManager AddressSpace . It provides additional Methods for Certificate management which are shown in Table 74 . Table 74 - CertificateDirectoryType ObjectType Definition Attribute Value BrowseName ... Mandatory 0:HasComponent Method 2:CheckRevocationStatus Defined in 7.9.11 . Optional Conformance Units GDS Certificate Manager Pull Model The CertificateGroups Object organizes the CertificateGroups supported by the CertificateManager . It is described
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.9.11 CheckRevocationStatus

CheckRevocationStatus CheckRevocationStatus Method is used to check the revocation status of a Certificate. Clients or Servers may use this Method if the issuer Certificate has a crlDistributionPoint extension, an authorityInformationAccess ... extension (see RFC 6960) or the TrustList is configured to require online Certificate revocation checks (see 7.8.2.1 ). The CertificateManager will typically use a protocol such as OCSP
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.10.24 SecuritySettingsDataType

with the CertificateGroup are ignored. If a SecurityPolicyUri is valid for more than one Certificate in the CertificateGroup, then an EndpointDescription is generated for each Certificate. EndpointDescriptions generated with
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

9.7.5 AuthorizationServiceConfigurationDataType

AuthorizationServices folder to discover the NodeId assigned by the Server that is needed for Certificate Management Methods . Table 159 - AuthorizationServiceConfigurationDataType Structure Name Type Description AuthorizationServiceConfigurationDataType Structure ServiceUri 0:UriString ... ServiceCertificates 0:ServiceCertificateDataType[] A list of Certificates used by the AuthorizationService to verify AccessTokens . Certificate 0:ByteString The Certificate needed to verify AccessTokens issued by the AuthorizationService. Issuers 0:ByteString
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

6.2 Ticket Distribution

wish to validate them immediately and add a Signature with their own Certificate. A Signature shall only be applied to a Ticket that has been validated. This allows the Device ... expiring Certificates by periodically re-validating and adding a new Signature before the previous Certificate that created the previous Signature expires. The re-signed Tickets should be stored in systems
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

7.1 Overview

Ticket if it has not already been validated (see 6.4 ); Select and Validate DeviceIdentity Certificate that matches the Ticket ; Establish a secure connection to the Device using the selected DeviceIdentity ... Certificate. Issue a DCA Application Instance Certificate to the Device that indicates that it has been authenticated. The initial communication between the Registrar and the Device is secured with