7.8.2.6 AddCertificate
The AddCertificate Method allows a Client to add a single Certificate to the TrustList.
The Purpose of the associated CertificateGroup determines the validation rules for the Certificate. For ApplicationCertificateType, the Server shall verify that the Certificate is valid using the validation process defined in OPC 10000-4. All suppressible errors shall be ignored; however, they may be logged as warnings. If the validation fails, the appropriate StatusCode defined in OPC 10000-4 shall be reported.
For Purposes other than ApplicationCertificateType, the validation rules are not defined by this specification.
This Method will return a validation error if the Certificate is issued by a CA and the Certificate for the issuer is not in the TrustList.
This Method cannot provide CRLs so issuer Certificates cannot be added with this Method. Instead, CA Certificates and their CRLs shall be managed with the Write Method on the containing TrustList Object.
This Method cannot be called if the containing TrustList Object is open.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
AddCertificate(
    [in] ByteString Certificate
    [in] Boolean IsTrustedCertificate
);

| Argument | Description |
| Certificate | The DER encoded Certificate to add. |
| IsTrustedCertificate | If TRUE the Certificate is added to the TrustedCertificates list. If FALSE Bad_CertificateInvalid is returned. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The certificate to add is invalid. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_RequestTooLarge | The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 30 specifies the AddressSpace representation for the AddCertificate Method.
| Attribute | Value |
| BrowseName | 0:AddCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
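The preconditions and result codes above can be read as a decision sequence on the Server side. The sketch below is an added example, not text or code from the specification. The `Cert` and `TrustList` classes, the field names, the sizes and the order of the checks are assumptions, and so is the use of Bad_CertificateInvalid for the CA and missing-issuer cases, where the text names no specific code.

```python
from dataclasses import dataclass, field

# Role required per management model, as stated in the text above.
REQUIRED_ROLE = {"pull": "CertificateAuthorityAdmin", "push": "SecurityAdmin"}

@dataclass
class Cert:                      # constructed stand-in for a parsed DER Certificate
    subject: str
    issuer: str
    is_ca: bool = False
    der_len: int = 1000          # encoded size in bytes, constructed value

@dataclass
class TrustList:                 # hypothetical model of the TrustList Object
    management: str = "push"     # "push" or "pull"
    open_mode: str = "closed"    # "closed", "read" or "write"
    read_only: bool = False
    transaction_pending: bool = False
    max_size: int = 65535        # stands in for MaxTrustListSize
    size: int = 0
    trusted: dict = field(default_factory=dict)   # subject -> Cert
    issuers: dict = field(default_factory=dict)   # subject -> Cert

def add_certificate(tl, channel_authenticated, roles, cert, is_trusted):
    """Return the StatusCode name for one call (check order is an assumption)."""
    if not channel_authenticated:
        return "Bad_SecurityModeInsufficient"
    if REQUIRED_ROLE[tl.management] not in roles:
        return "Bad_UserAccessDenied"
    if tl.read_only or tl.open_mode == "read":
        return "Bad_NotWritable"
    if tl.open_mode == "write":              # Open(write) without CloseAndUpdate
        return "Bad_InvalidState"
    if tl.transaction_pending:
        return "Bad_TransactionPending"
    if not is_trusted:                       # IsTrustedCertificate == FALSE
        return "Bad_CertificateInvalid"
    if cert.is_ca:
        # CA Certificates need their CRLs and go through Write; code is assumed.
        return "Bad_CertificateInvalid"
    known = tl.trusted.keys() | tl.issuers.keys()
    if cert.issuer != cert.subject and cert.issuer not in known:
        # The text says only "a validation error"; OPC 10000-4 defines the code.
        return "Bad_CertificateInvalid"
    if tl.size + cert.der_len > tl.max_size:
        return "Bad_RequestTooLarge"
    tl.trusted[cert.subject] = cert
    tl.size += cert.der_len
    return "Good"
```
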