7.10.6 CreateSelfSignedCertificate

CreateSelfSignedCertificate Method creates a new self-signed Certificate and associates it with a CertificateGroup.

This Method allows an administration Client to create a Certificate used by the Server. The Purpose of the CertificateGroup specifies what the Certificate is used for. For example, a CertificateGroup that contains ApplicationInstance Certificates would only contain Certificates that are valid ApplicationInstance Certificates as defined in OPC 10000-6. The new Certificate shall be an instance of the CertificateTypeId.

If a Certificate is already assigned to the CertificateType slot then a Bad_InvalidState error is returned.

If a transaction is in progress (see 7.10.9) on another Session then the Server shall return Bad_TransactionPending. If the SecureChannel is not authenticated the Server shall return Bad_SecurityModeInsufficient.

The Server shall continue an existing transaction or create a new transaction if an existing transaction does not exist.

The Server may use an existing PrivateKey or create a new PrivateKey. If a Server cannot generate PrivateKeys for the specified CertificateType then the Server shall return Bad_NotSupported.

This Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).

Signature

CreateSelfSignedCertificate (
	[in]  NodeId CertificateGroupId
	[in]  NodeId CertificateTypeId
	[in]  String SubjectName
	[in]  String[] dnsNames
	[in]  String[] ipAddresses
	[in]  UInt16 lifetimeInDays
	[in]  UInt16 keySizeInBits
	[out] ByteString certificate
);
Argument            Description
CertificateGroupId  The identifier for the CertificateGroup.
CertificateTypeId   The CertificateType that the new Certificate is assigned to.
SubjectName         The SubjectName to use with the Certificate.
                    For HttpsCertificateTypes the SubjectName shall be specified and have the dnsName or IP Address as the common name.
                    For ApplicationCertificateTypes the SubjectName may be omitted and the Server creates a suitable default based on the Server’s ApplicationIdentity (see 7.10.21).
dnsNames            The list of DNS names that appear in the subjectAltName.
                    There shall be at least one entry in the dnsNames or ipAddresses lists.
ipAddresses         The list of IP Addresses that appear in the subjectAltName.
                    There shall be at least one entry in the dnsNames or ipAddresses lists.
lifetimeInDays      The lifetime of the Certificate in days. The validity period shall begin 1 day prior to calling this Method.
keySizeInBits       The size of the PublicKey and PrivateKey in bits.
                    The CertificateTypeId limits the values that may be set.
                    A value of 0 indicates that a suitable default value is used.
certificate         The DER encoded form of the Certificate created by the Server.
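As an added example (not text from OPC 10000-12 or code from any OPC UA stack), this is the Client-side check a practitioner would run on the returned certificate ByteString before trusting it, narrowed to the self-signed, subjectAltName and NotBefore rules above. newSampleCert, the name opcua.example.test and the address 192.0.2.10 are constructed stand-ins for a Server's output, and the 25-hour tolerance on NotBefore is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"slices"
	"time"
)

// CheckCertificate verifies a DER certificate returned by CreateSelfSignedCertificate against
// the arguments the Client passed: the signature must verify with the certificate's own key
// (self-signed), every requested dnsName/ipAddress must appear in subjectAltName, which must
// hold at least one entry, and NotBefore must begin one day before the call was made.
func CheckCertificate(der []byte, dnsNames, ipAddresses []string, called time.Time) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return fmt.Errorf("not self-signed: %w", err)
	}
	if len(cert.DNSNames)+len(cert.IPAddresses) == 0 {
		return fmt.Errorf("subjectAltName has neither a DNS name nor an IP address")
	}
	if i := slices.IndexFunc(dnsNames, func(d string) bool { return !slices.Contains(cert.DNSNames, d) }); i >= 0 {
		return fmt.Errorf("dnsName %q missing from subjectAltName", dnsNames[i])
	}
	// net.IP.Equal matches an IPv4 address whether the Server encoded it in 4 or 16 bytes.
	if i := slices.IndexFunc(ipAddresses, func(s string) bool { return !slices.ContainsFunc(cert.IPAddresses, net.ParseIP(s).Equal) }); i >= 0 {
		return fmt.Errorf("ipAddress %q missing from subjectAltName", ipAddresses[i])
	}
	if cert.NotBefore.After(called) || called.Sub(cert.NotBefore) > 25*time.Hour { // assumed 1h slack
		return fmt.Errorf("NotBefore %v does not begin one day before the call", cert.NotBefore.UTC())
	}
	return nil
}

// newSampleCert is a constructed stand-in for a conforming Server's output so the check runs offline.
func newSampleCert(dnsNames []string, ips []net.IP, lifetimeInDays uint16, called time.Time) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dnsNames, IPAddresses: ips,
		NotBefore: called.Add(-24 * time.Hour), NotAfter: called.Add(time.Duration(lifetimeInDays)*24*time.Hour - 24*time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```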

Method Result Codes (defined in Call Service)

Result Code                   Description
Bad_UserAccessDenied          The current user does not have the rights required.
Bad_SecurityModeInsufficient  The SecureChannel is not authenticated.
Bad_TransactionPending        There is already a transaction active for another session.
Bad_InvalidState              There is already a Certificate assigned to the CertificateType slot.
Bad_NotSupported              A Certificate cannot be created that matches the parameters provided.
Bad_OutOfRange                The keySizeInBits is not supported.

Table 42 specifies the AddressSpace representation for the CreateSelfSignedCertificate Method.

Table 90 – CreateSelfSignedCertificate Method AddressSpace Definition
Attribute   Value
BrowseName  0:CreateSelfSignedCertificate

References     NodeClass  BrowseName         DataType      TypeDefinition  ModellingRule
0:HasProperty  Variable   0:InputArguments   0:Argument[]  0:PropertyType  Mandatory
0:HasProperty  Variable   0:OutputArguments  0:Argument[]  0:PropertyType  Mandatory

Conformance Units
Server ServerConfiguration CreateSelfSignedCertificate