

Liability of Application Instance Certificates


Post by RST » 25 Mar 2020, 16:54

Dear Support Team,

The term Application Instance Certificate suggests that by the use of this kind of certificate it can be guaranteed that only a single instance of an application can, for example, connect to an OPC UA server that trusts this certificate. But actually any application knowing this certificate could use it to establish a secure channel. To my knowledge, there is no mechanism that would check for agreement between the application described by the certificate and the one using it. One example is UaExpert, where it is possible to exchange its own certificate for any self-signed or CA-signed certificate as long as it defines an ApplicationURI. Even the host can differ.

My first impression was that the maximum number of OPC UA clients to an OPC UA server could be technically restricted by using Application Instance Certificates. But this additionally requires secret keeping and discipline. Is this true or am I missing something?

Regards,
Reinhard