7 Certificate Management Overview ToC Previous Next

7.6 Information Model for Pull Certificate Management ToC Previous Next

7.6.8 GetCertificateStatus ToC Previous Next

GetCertificateStatus is used to check if an Application needs to update its Certificate.

Signature

GetCertificateStatus(
[in]  NodeId applicationId
[in]  NodeId certificateGroupId

[in]  NodeId certificateTypeId
[out] Boolean updateRequired
);
Argument Description
applicationId The identifier assigned to the Application Instance by the GDS.
certificateGroupId The NodeId of the Certificate Group which provides the context.
If null the CertificateManager shall choose the DefaultApplicationGroup.
certificateTypeId The NodeId of the CertificateType for the Certificate.
If null the CertificateManager shall select a Certificate based on the value of the certificateGroupId argument.
updateRequired TRUE if the Application needs to request a new Certificate from the GDS.
FALSE if the Application can keep using the existing Certificate.

Access permissions that apply to CreateSigningRequest Method shall apply to this Method.

This Method can be invoked by a configuration tool which has provided user credentials with necessary access permissions. It can also be invoked by the Application identified by the applicationId (e.g. the private key used to create the channel shall be private key associated with the Certificate assigned to the Application).

Method Result Codes (defined in Call Service)

Result Code Description
Bad_NotFound The applicationId does not refer to a registered Application.
Bad_InvalidArgument The certificateGroupId or certificateTypeId parameter is not valid.
The text associated with the error shall indicate the exact problem.
Bad_UserAccessDenied The current user does not have the rights required.

Table 36 specifies the AddressSpace representation for the GetCertificateStatus Method.

Table 36 – GetCertificateStatus Method AddressSpace Definition

Attribute Value
BrowseName GetCertificateStatus
References NodeClass BrowseName DataType TypeDefinition ModellingRule
HasProperty Variable InputArguments Argument[] PropertyType Mandatory
HasProperty Variable OutputArguments Argument[] PropertyType Mandatory

7.6.8.1 RevokeCertificate ToC

RevokeCertificate is used to revoke a Certificate issued by the CertificateManager.

This Method requires an encrypted channel and that the Client provides credentials with administrative rights for the application which is having the credentials revoked.

Signature

RevokeCertificate (
[in]  NodeId applicationId
[in]  ByteString certificate
);

Argument Description
applicationId The identifier assigned to the Application by the CertificateManager.
certificate The DER encoded Certificate to revoke.

Method Result Codes (defined in Call Service)

Result Code Description
Bad_NotFound The applicationId does not refer to a registered Application.
Bad_InvalidArgument The certificate is not a Certificate for the specified Application that was issued by the CertificateManager.
Bad_UserAccessDenied The current user does not have the rights required.

Table A specifies the AddressSpace representation for the RevokeCredential Method.

Table 16A – Revoke Method AddressSpace Definition

Attribute Value
BrowseName Revoke
References NodeClass BrowseName DataType TypeDefinition ModellingRule
HasProperty Variable InputArguments Argument[] PropertyType Mandatory

Previous Next