OPC 10000-4 Unified Architecture Part 4 Services Application Instance Certificate

7 Common parameter type definitions

7.3 ApplicationInstanceCertificate

An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6. Table 114 specifies the information that should be contained in an ApplicationInstanceCertificate.

Table 114 – ApplicationInstanceCertificate

Name	Type	Description
ApplicationInstanceCertificate	structure	ApplicationInstanceCertificate with signature created by a Certificate Authority.
version	String	An identifier for the version of the Certificate encoding.
serialNumber	ByteString	A unique identifier for the Certificate assigned by the Issuer.
signatureAlgorithm	String	The algorithm used to sign the Certificate. The syntax of this field depends on the Certificate encoding.
signature	ByteString	The signature created by the Issuer.
issuer	Structure	A name that identifies the Issuer Certificate used to create the signature.
validFrom	UtcTime	When the Certificate becomes valid.
validTo	UtcTime	When the Certificate expires.
subject	Structure	A name that identifies the application instance that the Certificate describes.This field should contain the productName and the name of the organization responsible for the application instance.
applicationUri	String	The applicationUri specified in the ApplicationDescription.The ApplicationDescription is described in 7.2.
hostnames []	String	The name of the machine where the application instance runs. A machine may have multiple names if is accessible via multiple networks. The hostname may be a numeric network address or a descriptive name.Server Certificates should have at least one hostname defined.
publicKey	ByteString	The public key associated with the Certificate.
keyUsage []	String	Specifies how the Certificate key may be used. ApplicationInstanceCertificates should support Digital Signature, Non-Repudiation Key Encryption, Data Encryption and Client/Server Authorization.The contents of this field depend on the Certificate encoding.