5.4 Provisioning of Application Instance
Figure 15 illustrates how TrustAnchor capabilities are integrated into the Pull Management process for provisioning an Application Instance (cf. OPC 10000-21 7.2, Figure 5; https://reference.opcfoundation.org/Onboarding/v105/docs/7.2).
Establish OPC UA Secure Channel DCA – Registrar/GDS. Details on how to establish a secure channel using an existing personality are described in 5.5.
Create personality for Application Instance
Generate private key (gta_personality_create())
Sign proof-of-possession on CSR (gta_personality_enroll())
Write end-entity certificate (gta_personality_add_attribute())
Protect TrustList for Application PKI domain (gta_authenticate_data_detached())
Provisioning of an Application Instance using Push Management works analogously. The interactions between the DCA application and the GTA API are the same whether Push or Pull Management is used.
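The "Protect TrustList" step seals the TrustList with a detached integrity value so that a modified list is rejected before it is used. The Python model below is an added example, not code from this document or from the GTA API. The class `TrustAnchorModel`, its method signatures, `verify_data_detached`, the JSON encoding and the sample thumbprints are assumptions, and HMAC-SHA256 stands in for whatever mechanism the trust anchor's profile provides.

```python
import hashlib
import hmac
import json
import secrets

class TrustAnchorModel:
    """Hypothetical stand-in for a trust anchor: keys are created inside and never returned."""

    def __init__(self):
        self._keys = {}  # personality name -> secret key, never exposed to the caller

    def personality_create(self, name):
        if name in self._keys:
            raise ValueError("personality already exists: " + name)
        self._keys[name] = secrets.token_bytes(32)

    def authenticate_data_detached(self, name, data):
        # Detached seal: the data stays unchanged, the seal is stored beside it.
        # Assumption: HMAC-SHA256 is swapped in for the profile's real mechanism.
        return hmac.new(self._keys[name], data, hashlib.sha256).digest()

    def verify_data_detached(self, name, data, seal):
        # Constant-time comparison avoids leaking how many seal bytes matched.
        return hmac.compare_digest(self.authenticate_data_detached(name, data), seal)

def encode_trustlist(trusted, issuers):
    """Deterministic encoding so the same TrustList always yields the same bytes."""
    doc = {"trusted": sorted(trusted), "issuers": sorted(issuers)}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def load_trustlist(anchor, personality, blob, seal):
    """Parse the stored TrustList only after its detached seal verifies."""
    if not anchor.verify_data_detached(personality, blob, seal):
        raise ValueError("TrustList seal mismatch, refusing to load")
    return json.loads(blob)

def demo():
    anchor = TrustAnchorModel()
    for name in ("app-instance", "other"):  # constructed personality names
        anchor.personality_create(name)
    blob = encode_trustlist(["aa11", "bb22"], ["cc33"])  # constructed thumbprints
    seal = anchor.authenticate_data_detached("app-instance", blob)
    rogue = encode_trustlist(["aa11", "bb22", "ee55"], ["cc33"])  # one entry added
    cases = {"intact": ("app-instance", blob),
             "rogue_entry": ("app-instance", rogue),
             "wrong_personality": ("other", blob)}
    return {k: anchor.verify_data_detached(p, d, seal) for k, (p, d) in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The seal is bound to the personality that produced it, so a TrustList sealed for one Application Instance does not verify under another personality on the same trust anchor.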