Search
14 result(s) for Server Certificate
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.5.1 Overview
Servers shall allow Administrators to disable the DiscoveryEndpoint. If GetEndpoints is disabled and the Server Certificate is updated either automatically with Certificate Manager or manually, Clients will no longer ... CreateSession response. A Client shall verify that: The ApplicationUri specified in the Server Certificate is the same as the ApplicationUri provided in the EndpointDescription returned from CreateSession response. The Server
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.5.5.1 Description
Servers shall reject registrations if the serverUri provided does not match the applicationUri in Server Certificate used to create the SecureChannel. This Service can only be invoked via SecureChannels that
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.6.2.1 Description
securityPolicyUri is not None, a Client shall verify the HostName specified in the Server Certificate is the same as the HostName contained in the endpointUrl. If there is a difference ... SecureChannel. Servers shall add all possible HostNames like MyHost and MyHost.mycompany.com into the Server Certificate. This includes IP addresses of the host or the HostName exposed by a NAT router
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.2.1 Description
provide a SecureChannelId which uniquely identifies the SecureChannel or the Client Certificate used to establish the SecureChannel. The Server uses one of these to identify the SecureChannel used to send ... such as the Administrator. The Client shall check that the ApplicationUri specified in the Server Certificate matches the ApplicationUri provided in the EndpointDescription returned by the CreateSession response
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.3.1 Description
Certificate. The data to sign is created by appending the last serverNonce to the serverCertificate specified in the CreateSession response. If a token includes a secret then it should ... encrypted using the public key from the serverCertificate. Servers shall take proper measures to protect against attacks on user identity tokens. Such an attack is assumed if repeated connection attempts
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
6.1.4 Creating a SecureChannel
Client to a rogue Server. For this reason the Client shall verify that the ServerCertificate in the EndpointDescription is a trusted Certificate before it calls CreateSession. The second security risk
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
SecureChannel Certificate (Server ChannelCertificate); The Client SecureChannel Certificate (Client ChannelCertificate); The Server Application Certificate (ServerCertificate); The Client Application Certificate (ClientCertificate); The ServerNonce returned in CreateSession or ActivateSession; The ClientNonce passed ... Sign Signer ServerSignature (see 5.7.2) ChannelThumbprint | ClientNonce | HASH(Server ChannelCertificate) | HASH(Client ChannelCertificate) | ServerNonce ServerCertificate ClientSignature (see 5.7.3) ChannelThumbprint | ServerNonce | HASH(ServerCertificate) | HASH(Server ChannelCertificate) | HASH(Client ChannelCertificate) | ClientNonce ClientCertificate
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.41 UserTokenPolicy
requiring RSA based encryption algorithms can only be returned in EndpointDescription with an RSA ServerCertificate. If the SecurityMode is None, SecurityPolicies based on ECC or RSA_DH are not allowed ... these SecurityPolicies. RSA based SecurityPolicies are allowed, however, the Client shall only use a ServerCertificate which it trusts to encrypt UserIdentityTokens with tokenType USERNAME or ISSUEDTOKEN. If the SecurityMode
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.2.1 General
Certificates when they are used as part of an Internet based application. The ServerCertificate and ClientCertificate parameters used in the abstract OpenSecureChannel service are typically instances of the ApplicationInstance Certificate
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
7.5.3 Security
that the Server have a Certificate, however, the Client may have a Certificate. The Server Certificate should have the domain name as the common name component of the subject name ... impose additional restrictions. For example, the web browser may require the Server have a valid TLS Certificate that is issued by CA that is installed in the Trust List
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
shall ignore the 'local' top level domain when checking the domain against the Server Certificate. Note that domain name validation is a necessary but not sufficient check against rogue Servers ... middle attacks when Server Certificates do not contain fully qualified domain names. The Certificate trust relationship established by administrators is the primary mechanism used to protect against these risks
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.9 ApplyChanges
changes are pending the result is Good and the transaction is closed. When a Server Certificate or TrustList changes active SecureChannels are not immediately affected. This ensures the caller ... shall force existing SecureChannels affected by the changes to renegotiate and use the new Server Certificate and/or TrustLists. Servers may close SecureChannels without discarding any Sessions or Subscriptions. This will
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.23 ServerEndpointDataType
specify a UserTokenPolicy with a SecurityPolicyUri. Any UserTokenSetting that is not valid for ServerCertificate associated with a generated EndpointDescription is rejected. The Server chooses unique values for PolicyIds in UserTokenPolicies
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
multiple ServiceCertificates are specified the first entry in the list is exposed with the ServerCertificate Property on the AuthorizationServiceConfiguration Object. Note that when a new AuthorizationServiceConfiguration is added, Clients need