7 Certificate Management Overview ToC Previous Next

7.7 Information Model for Push Certificate Management ToC Previous Next

7.7.4 UpdateCertificate ToC Previous Next

UpdateCertificate is used to update a Certificate for a Server.

There are the following three use cases for this Method:

  • The new Certificate was created based on a signing request created with the Method CreateSigningRequest defined in 7.7.6. In this case there is no privateKey provided.
  • A new privateKey and Certificate was created outside the Server and both are updated with this Method.
  • A new Certificate was created and signed with the information from the old Certificate. In this case there is no privateKey provided. The Server shall do all normal integrity checks on the Certificate and all of the issuer Certificates. If errors occur the Bad_SecurityChecksFailed error is returned.

The Server shall report an error if the public key does not match the existing Certificate and the privateKey was not provided.

If the Server returns applyChangesRequired=FALSE then it is indicating that it is able to satisfy the requirements specified for the ApplyChanges Method.

This Method requires an encrypted channel and that the Client provides credentials with administrative rights on the Server.

Signature

UpdateCertificate(
[in] NodeId certificateGroupId
[in] NodeId certificateTypeId
[in] ByteString certificate
[in] ByteString[] issuerCertificates
[in] String privateKeyFormat
[in] ByteString privateKey
[out] Boolean applyChangesRequired
);

Argument Description
certificateGroupId The NodeId of the Certificate Group Object which is affected by the update.
If null the DefaultApplicationGroup is used.
certificateTypeId The type of Certificate being updated. The set of permitted types is specified by the CertificateTypes Property belonging to the Certificate Group.
certificate The DER encoded Certificate which replaces the existing Certificate.
issuerCertificates The issuer Certificates needed to verify the signature on the new Certificate.
privateKeyFormat The format of the Private Key (PEM or PFX). If the privateKey is not specified the privateKeyFormat is null or empty.
privateKey The Private Key encoded in the privateKeyFormat.
applyChangesRequired Indicates that the ApplyChanges Method shall be called before the new Certificate will be used.

Method Result Codes (defined in Call Service)

Result Code Description
Bad_InvalidArgument The certificateTypeId or certificateGroupId is not valid.
Bad_CertificateInvalid The Certificate is invalid or the format is not supported.
Bad_NotSupported The PrivateKey is invalid or the format is not supported.
Bad_UserAccessDenied The current user does not have the rights required.
Bad_SecurityChecksFailed Some failure occurred verifying the integrity of the Certificate.

Table 41 specifies the AddressSpace representation for the UpdateCertificate Method.

Table 41 – UpdateCertificate Method AddressSpace Definition

Attribute Value
BrowseName UpdateCertificate
References NodeClass BrowseName DataType TypeDefinition ModellingRule
HasProperty Variable InputArguments Argument[] PropertyType Mandatory
HasProperty Variable OutputArguments Argument[] PropertyType Mandatory

Previous Next