7.6.2 CertificateDirectoryType

This ObjectType is the TypeDefinition for the root of the CertificateManager AddressSpace. It provides additional Methods for Certificate management which are shown in Table 30.

Table 30 – CertificateDirectoryType ObjectType Definition

Attribute Value
BrowseName CertificateDirectoryType
Namespace GDS (see 3.3)
IsAbstract False

Subtype of the DirectoryType defined in 6.3.3.

References    NodeClass  BrowseName              DataType  TypeDefinition              Modelling Rule
Organizes     Object     CertificateGroups                 CertificateGroupFolderType  Mandatory
HasComponent  Method     StartSigningRequest     Defined in 7.6.3.                     Mandatory
HasComponent  Method     StartNewKeyPairRequest  Defined in 7.6.4.                     Mandatory
HasComponent  Method     FinishRequest           Defined in 7.6.5.                     Mandatory
HasComponent  Method     GetCertificateGroups    Defined in 7.6.6.                     Mandatory
HasComponent  Method     GetTrustList            Defined in 7.6.6.                     Mandatory
HasComponent  Method     GetCertificateStatus    Defined in 7.6.8.                     Mandatory
HasComponent  Method     RevokeCertificate       Defined in 7.6.8.1                    Optional

The CertificateGroups Object organizes the Certificate Groups supported by the CertificateManager. It is described in 7.5.17. CertificateManagers shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. CertificateManagers may support additional Certificate Groups depending on their requirements. For example, a CertificateManager with multiple Certificate Authorities would represent each as a CertificateGroupType Object organized by the CertificateGroups Folder. Clients could then request Certificates issued by a specific CA by passing the appropriate NodeId to the StartSigningRequest or StartNewKeyPairRequest Methods.

The StartSigningRequest Method is used to request a new Certificate that is signed by a CA managed by the CertificateManager. This Method is recommended when the caller already has a private key.

The StartNewKeyPairRequest Method is used to request a new Certificate that is signed by a CA managed by the CertificateManager along with a new private key. This Method is used only when the caller does not have a private key and cannot generate one.

The FinishRequest Method is used to check that a Certificate request has been approved by the CertificateManager Administrator. If successful, the Certificate and Private Key (if requested) are returned.

The GetCertificateGroups Method returns a list of NodeIds for CertificateGroupType Objects that can be used to request Certificates or Trust Lists for an Application.

The GetTrustList Method returns a NodeId of a TrustListType Object that can be used to read a Trust List for an Application.

The GetCertificateStatus Method checks whether the Application needs to update its Certificate.
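
The request lifecycle described above (choose StartSigningRequest or StartNewKeyPairRequest, then poll FinishRequest until the Administrator approves), modelled in memory as an added example that is not part of the specification. ToyCertificateManager, enroll, the simplified argument lists, the use of None for "not yet approved" and all byte-string placeholders are assumptions made for illustration; the real signatures are defined in 7.6.3 to 7.6.5.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class PendingRequest:
    group: str              # Certificate Group the caller asked for
    wants_key: bool         # True only for StartNewKeyPairRequest
    approved: bool = False  # set by the Administrator, never by the Client

@dataclass
class ToyCertificateManager:
    """Constructed stand-in for a CertificateDirectoryType Object."""
    groups: tuple = ("DefaultApplicationGroup",)
    requests: dict = field(default_factory=dict)

    def _open(self, group, wants_key):
        if group not in self.groups:
            raise ValueError(f"unsupported Certificate Group: {group}")
        request_id = secrets.token_hex(8)  # unguessable handle for the request
        self.requests[request_id] = PendingRequest(group, wants_key)
        return request_id

    def start_signing_request(self, group, csr):
        # Caller keeps its private key; only the signing request is sent.
        return self._open(group, wants_key=False)

    def start_new_key_pair_request(self, group, subject):
        # Manager creates the key pair, so the private key must be returned.
        return self._open(group, wants_key=True)

    def approve(self, request_id):
        self.requests[request_id].approved = True  # Administrator action

    def finish_request(self, request_id):
        req = self.requests[request_id]
        if not req.approved:
            return None  # modelling choice: None means "poll again later"
        key = b"<private key placeholder>" if req.wants_key else None
        return b"<certificate placeholder>", key

def enroll(manager, group, local_key_available, approve_after=2, max_polls=5):
    """Client side: pick the Method, then poll FinishRequest."""
    if local_key_available:
        rid = manager.start_signing_request(group, csr=b"<CSR placeholder>")
    else:
        rid = manager.start_new_key_pair_request(group, subject="CN=device")
    for attempt in range(1, max_polls + 1):
        if attempt == approve_after:
            manager.approve(rid)  # simulates the Administrator approving
        result = manager.finish_request(rid)
        if result is not None:
            return attempt, result
    raise TimeoutError("request still pending after polling")
```

Only the StartNewKeyPairRequest path ever yields a private key from FinishRequest, which is why the signing-request path is the one to use whenever the caller can hold its own key.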
