Annex H (informative) Comparison with RFC 7030 ToC Previous

H.3 Initial Enrolment ToC Previous Next

In EST a web operation is used to enrol a client. The EST server authenticates and authorizes the EST client before allowing the operation to proceed. In OPC UA, a Method is used to request a Certificate. The CertificateManager also authenticates and authorizes the client before allowing the operation to proceed. Table 76 compares how EST servers verify the EST client with how a CertificateManager verifies a CertificateManager client.

Table 76 – Verifying that a Client is allowed to request Certificates

EST OPC UA
TLS with a client certificate which is previously issued by the EST server. The CertificateManager client has a previously certificate previously issued by the GDS.
TLS with a previously installed certificate which is trusted by the EST server. The CertificateManager client has a certificate which is trusted by the CertificateManager.
Shared credentials distributed out of band which are used for certificate-less TLS. No equivalent.
HTTPS username/password authentication. The CertificateManager client provides appropriate user credentials when it establishes the session.

Previous Next