OPC UA + CA|OPC UA Standard|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
OPC UA + CA
Avatar
Guest
Guests
1
08/02/2018 - 00:57
sp_Permalink sp_Print

Hello,

I am making architecture of system with multiple servers and clients. >300 units in total.

Currently busy with Security. And want to make use of CA.

The main question is not clear for me is how it is simplifying managing certificates? Why “When a Digital Certificate expires and is replaced, the administrator will only need to replace the expired Digital Certificate (Public Keys and Private Keys), there will be no need to copy
a Public Key to any locations.” (Part 2, 8.1.3.)

It is not completely clear for me the big picture of how Certificate Authority should work. My wish is to integrate with existing in company systems (EJB-CA). So, we can have central place to manage all certificates and access. And automate is as much as possible.

Should I make (Global) Discovery Server with UI where administrator manages certificates(create, update and distribute), access and permissions?

What is the “best practice” for this?

Should I provide more information?

Mikl

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOnlineSmall Online
2
08/03/2018 - 09:36
sp_Permalink sp_Print

If you have more than 10 nodes you need a CA which means you have to issue certificates and distribute CRLs.

The best way to do this is to use a GDS which can be a front end to whatever system you want to use as a CA.

Using the GDS API to hide the details of your CA means that applications do not need to support the CA that you want to use. They only need to support the GDS API which is defined in Part 12.

How you build the GDS is up to you. There are at least 2 commercial GDS products and more are in the pipeline. You can also develop your own.

Avatar
Guest
Guests
3
08/08/2018 - 00:30
sp_Permalink
Awaiting Moderation

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online: Randy Armstrong
Guest(s) 40
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1445
Posts: 4889