7 Certificate Management Overview

7.7 Information Model for Push Certificate Management

7.7.3 ServerConfigurationType

This type defines an ObjectType which represents the configuration of a Server which supports Push Management. Its values are defined in Table 40. There is always exactly one instance in the Server AddressSpace.

Table 40 – ServerConfigurationType Definition

| Attribute | Value |
| --- | --- |
| BrowseName | ServerConfigurationType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

Subtype of the BaseObjectType defined in OPC 10000-5.

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
| --- | --- | --- | --- | --- | --- |
| HasComponent | Object | CertificateGroups | | CertificateGroupFolderType | Mandatory |
| HasProperty | Variable | ServerCapabilities | String[] | PropertyType | Mandatory |
| HasProperty | Variable | SupportedPrivateKeyFormats | String[] | PropertyType | Mandatory |
| HasProperty | Variable | MaxTrustListSize | UInt32 | PropertyType | Mandatory |
| HasProperty | Variable | MulticastDnsEnabled | Boolean | PropertyType | Mandatory |
| HasComponent | Method | UpdateCertificate | See 7.7.4 | | Mandatory |
| HasComponent | Method | ApplyChanges | See 7.7.5. | | Mandatory |
| HasComponent | Method | CreateSigningRequest | See 7.7.6. | | Mandatory |
| HasComponent | Method | GetRejectedList | See 7.7.7. | | Mandatory |

The CertificateGroups Object organizes the Certificate Groups supported by the Server. It is described in 7.5.17. Servers shall support the DefaultApplicationGroup and may support the DefaultHttpsGroup or the DefaultUserTokenGroup. Servers may support additional Certificate Groups depending on their requirements. For example, a Server with two network interfaces should have a different Trust List for each interface. The second Trust List would be represented as a new CertificateGroupType Object organized by the CertificateGroups Folder.

The ServerCapabilities Property specifies the capabilities from Annex D which the Server supports. The value is the same as the value reported to the LocalDiscoveryServer when the Server calls the RegisterServer2 Service.

The SupportedPrivateKeyFormats specifies the PrivateKey formats supported by the Server. Possible values include “PEM” (see RFC 5958) or “PFX” (see PKCS #12). The array is empty if the Server does not allow external Clients to update the PrivateKey.

The MaxTrustListSize is the maximum size of the Trust List in bytes. 0 means no limit. The default is 65 535 bytes.

If MulticastDnsEnabled is TRUE then the Server announces itself using multicast DNS. It can be changed by writing to the Variable.

The GetRejectedList Method returns the list of Certificates which have been rejected by the Server. It can be used to track activity or allow administrators to move a rejected Certificate into the Trust List.

The UpdateCertificate Method is used to update a Certificate.

The ApplyChanges Method is used to apply any security related changes if the Server sets the applyChangesRequired flag when another Method is called. Servers should minimize the impact of applying the new configuration; however, it could require that all existing Sessions be closed and re-opened by the Clients.

The CreateSigningRequest Method asks the Server to create a PKCS #10 encoded Certificate Request that is signed with the Server’s private key.
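The rules in Table 40 and the descriptions above can be turned into a configuration review check. The following Python is an added example, not part of the specification: the snapshot dict layout, the function names, the severity labels and the sample values (including the group name Interface2Group) are assumptions made for illustration.

```python
# Added example: audit a snapshot of ServerConfiguration values (not spec code).
MANDATORY = {"CertificateGroups", "ServerCapabilities", "SupportedPrivateKeyFormats",
             "MaxTrustListSize", "MulticastDnsEnabled", "UpdateCertificate",
             "ApplyChanges", "CreateSigningRequest", "GetRejectedList"}
NAMED_GROUPS = {"DefaultApplicationGroup", "DefaultHttpsGroup", "DefaultUserTokenGroup"}

def trust_list_fits(size_bytes, max_trust_list_size):
    """MaxTrustListSize is in bytes; 0 means no limit."""
    return max_trust_list_size == 0 or size_bytes <= max_trust_list_size

def audit_server_configuration(snapshot):
    """Return (severity, message) findings for one snapshot.

    `snapshot` maps BrowseName -> value as read by a client; Methods only need
    to be present as keys. This dict layout is an assumption of the example.
    """
    findings = [("error", f"mandatory member missing: {name}")
                for name in sorted(MANDATORY - set(snapshot))]
    groups = set(snapshot.get("CertificateGroups") or [])
    if "DefaultApplicationGroup" not in groups:
        findings.append(("error", "DefaultApplicationGroup is not present"))
    for extra in sorted(groups - NAMED_GROUPS):
        findings.append(("info", f"additional Certificate Group to review: {extra}"))
    formats = snapshot.get("SupportedPrivateKeyFormats") or []
    if formats:  # a non-empty array means external Clients may update the PrivateKey
        findings.append(("warn", "Clients may update the PrivateKey: " + ", ".join(formats)))
    if snapshot.get("MaxTrustListSize") == 0:
        findings.append(("warn", "MaxTrustListSize is 0: Trust List size is unlimited"))
    if snapshot.get("MulticastDnsEnabled") is True:
        findings.append(("warn", "Server announces itself using multicast DNS"))
    return findings

# Constructed sample snapshot (values invented for illustration).
SAMPLE = {
    "CertificateGroups": ["DefaultHttpsGroup", "Interface2Group"],
    "ServerCapabilities": ["DA"],
    "SupportedPrivateKeyFormats": ["PEM", "PFX"],
    "MaxTrustListSize": 0,
    "MulticastDnsEnabled": True,
    "UpdateCertificate": None, "ApplyChanges": None, "CreateSigningRequest": None,
}

if __name__ == "__main__":
    for severity, message in audit_server_configuration(SAMPLE):
        print(f"{severity:5} {message}")
```

The "warn" findings mark settings to review against site policy rather than violations of the specification; only the "error" findings correspond to a "Mandatory" or "shall" statement on this page.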
