An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6. Table 113 specifies the information that shall be contained in an ApplicationInstanceCertificate.
Table 113 – ApplicationInstanceCertificate
|ApplicationInstanceCertificate||structure||ApplicationInstanceCertificate with signature created by a Certificate Authority.|
|version||String||An identifier for the version of the Certificate encoding.|
|serialNumber||ByteString||A unique identifier for the Certificate assigned by the Issuer.|
|signatureAlgorithm||String||The algorithm used to sign the Certificate.
The syntax of this field depends on the Certificate encoding.
|signature||ByteString||The signature created by the Issuer.|
|issuer||Structure||A name that identifies the Issuer Certificate used to create the signature.|
|validFrom||UtcTime||When the Certificate becomes valid.|
|validTo||UtcTime||When the Certificate expires.|
|subject||Structure||A name that identifies the application instance that the Certificate describes.
This field shall contain the productName and the name of the organization responsible for the application instance.
|applicationUri||String||The applicationUri specified in the ApplicationDescription.
The ApplicationDescription is described in 7.1.
|hostnames ||String||The name of the machine where the application instance runs.
A machine may have multiple names if is accessible via multiple networks.
The hostname may be a numeric network address or a descriptive name.
Server Certificates shall have at least one hostname defined.
|publicKey||ByteString||The public key associated with the Certificate.|
|keyUsage ||String||Specifies how the Certificate key may be used.
ApplicationInstanceCertificates shall support Digital Signature, Non-Repudiation Key Encryption, Data Encryption and Client/Server Authorization.
The contents of this field depend on the Certificate encoding.