In EST a web operation is used to enrol a client. The EST server authenticates and authorizes the EST client before allowing the operation to proceed. In OPC UA, a Method is used to request a Certificate. The CertificateManager also authenticates and authorizes the client before allowing the operation to proceed. Table 76 compares how EST servers verify the EST client with how a CertificateManager verifies a CertificateManager client.
Table 76 – Verifying that a Client is allowed to request Certificates
|TLS with a client certificate which is previously issued by the EST server.||The CertificateManager client has a previously certificate previously issued by the GDS.|
|TLS with a previously installed certificate which is trusted by the EST server.||The CertificateManager client has a certificate which is trusted by the CertificateManager.|
|Shared credentials distributed out of band which are used for certificate-less TLS.||No equivalent.|
|HTTPS username/password authentication.||The CertificateManager client provides appropriate user credentials when it establishes the session.|