An ApplicationInstanceCertificate is a ByteString containing an encoded Certificate. The encoding of an ApplicationInstanceCertificate depends on the security technology mapping and is defined completely in OPC 10000-6. Table 114 specifies the information that should be contained in an ApplicationInstanceCertificate.

Table 114 – ApplicationInstanceCertificate

| Name | Type | Description |
|---|---|---|
| ApplicationInstanceCertificate | structure | ApplicationInstanceCertificate with signature created by a Certificate Authority. |
| version | String | An identifier for the version of the Certificate encoding. |
| serialNumber | ByteString | A unique identifier for the Certificate assigned by the Issuer. |
| signatureAlgorithm | String | The algorithm used to sign the Certificate. The syntax of this field depends on the Certificate encoding. |
| signature | ByteString | The signature created by the Issuer. |
| issuer | Structure | A name that identifies the Issuer Certificate used to create the signature. |
| validFrom | UtcTime | When the Certificate becomes valid. |
| validTo | UtcTime | When the Certificate expires. |
| subject | Structure | A name that identifies the application instance that the Certificate describes. This field should contain the productName and the name of the organization responsible for the application instance. |
| applicationUri | String | The applicationUri specified in the ApplicationDescription. The ApplicationDescription is described in 7.2. |
| hostnames [] | String | The name of the machine where the application instance runs. A machine may have multiple names if it is accessible via multiple networks. The hostname may be a numeric network address or a descriptive name. Server Certificates should have at least one hostname defined. |
| publicKey | ByteString | The public key associated with the Certificate. |
| keyUsage [] | String | Specifies how the Certificate key may be used. ApplicationInstanceCertificates should support Digital Signature, Non-Repudiation, Key Encryption, Data Encryption and Client/Server Authorization. The contents of this field depend on the Certificate encoding. |
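
The checks that Table 114 implies for a receiving application, written as an added example that is not part of the specification: it assumes the Certificate has already been decoded into the table's fields, and the `AppInstanceCert` type, the `check_certificate` function, the subject keys and the keyUsage label strings are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Usages named in Table 114. The real strings depend on the Certificate
# encoding, so these labels are assumptions for this example.
EXPECTED_USAGES = {"Digital Signature", "Non-Repudiation", "Key Encryption",
                   "Data Encryption", "Client/Server Authorization"}

@dataclass
class AppInstanceCert:
    """Decoded view of the Table 114 fields checked below (hypothetical type)."""
    subject: dict  # assumed keys: "productName", "organization"
    applicationUri: str
    validFrom: datetime
    validTo: datetime
    hostnames: list = field(default_factory=list)
    keyUsage: list = field(default_factory=list)

def check_certificate(cert, description_uri, is_server, now=None):
    """Return deviations from Table 114; an empty list means none found."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if not (cert.validFrom <= now <= cert.validTo):
        findings.append("outside validFrom/validTo window")
    # applicationUri must equal the one in the ApplicationDescription.
    if cert.applicationUri != description_uri:
        findings.append("applicationUri does not match ApplicationDescription")
    if is_server and not cert.hostnames:
        findings.append("server certificate has no hostname")
    missing = EXPECTED_USAGES - set(cert.keyUsage)
    if missing:
        findings.append("missing keyUsage: " + ", ".join(sorted(missing)))
    for key in ("productName", "organization"):
        if not cert.subject.get(key):
            findings.append(f"subject lacks {key}")
    return findings

# Constructed sample values, not taken from a real certificate.
SAMPLE = AppInstanceCert(
    subject={"productName": "ExampleServer", "organization": "Example Org"},
    applicationUri="urn:host1.example:ExampleServer",
    validFrom=datetime(2024, 1, 1, tzinfo=timezone.utc),
    validTo=datetime(2034, 1, 1, tzinfo=timezone.utc),
    hostnames=["host1.example"],
    keyUsage=sorted(EXPECTED_USAGES),
)

if __name__ == "__main__":
    print(check_certificate(SAMPLE, SAMPLE.applicationUri, is_server=True))
```

These checks cover only the descriptive fields; verifying the issuer's signature over the encoded Certificate is a separate step that depends on the encoding defined in OPC 10000-6.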