Binding SSL certificate to a specific OPC UA client

Unified Architecture topics related to OPC UA Specification, compliant behavior and any technical issues of OPC UA, like Security, Information Model, Companion Specs DI, PLCopen, ADI, ...

Moderator: Support Team

Post Reply
New_To_OPCUA
Jr. Member
Jr. Member
Posts: 1
Joined: 02 Sep 2022, 04:01

Binding SSL certificate to a specific OPC UA client

Post by New_To_OPCUA »

Hi all! I am new to OPC UA and I would like to bind a SSL certificate to a specific OPC UA client. The SSL certificate can only be used by that specific OPC UA client and will not be able to be used by other OPC UA clients to connect with the OPC UA server even though they have the same certificate and key. May I know how could I achieve that?

User avatar
Support Team
Hero Member
Hero Member
Posts: 2801
Joined: 18 Mar 2011, 15:09

Re: Binding SSL certificate to a specific OPC UA client

Post by Support Team »

Hi,

it seems that you try to solve a problem that does not exist.

The certificate (application instance certificate) IS bound to a specific application, nobody else can use it, except this one instance of the application. That is the beauty of OPC UA using x509 certificates on both ends (client AND server side). For establishing connection OPC UA needs individual trust on both sides, client must trust server, and server must trust client.

By using GDS you can "simplify" the trust by trusting a certificate authority (CA), but still each application will have its own identity.
Best regards
Unified Automation Support Team

Post Reply