Server behaviour in adding existing certificate to a trust list|OPC UA Standard|Forum|OPC Foundation

Avatar
sp_LogInOut Log In
sp_Search Search
Advanced Search
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Server behaviour in adding existing certificate to a trust list
Avatar
Phuong Nguyen
Member
Members
Forum Posts: 16
Member Since:
11/22/2018
sp_UserOfflineSmall Offline
1
05/30/2022 - 08:25
sp_Permalink sp_Print

Hi,

I have a question to AddCertificate method of TrustListType which is defined in "OPC UA Part 12, V1.04, Section 7.5.2": what should be the appropriate response to requesting to add to a trust list a certificate which is already existing in the trust list?

In my opinion this should be accepted by the server without having to update the trust list. Is it correct?

Thanks a lot in advance! 

Avatar
Randy Armstrong
Admin
Forum Posts: 1564
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
05/30/2022 - 10:43
sp_Permalink sp_Print

You should re-validate the certificate as required by the method. Not sure what benefit you get by not updating the trust list at that point.

Avatar
Phuong Nguyen
Member
Members
Forum Posts: 16
Member Since:
11/22/2018
sp_UserOfflineSmall Offline
3
05/30/2022 - 23:40
sp_Permalink sp_Print

yes, I totally agree that the certificate to add must be first evaluated. And based on your answer I assume that the certificate shall be accepted, is it correct?

Whether update of a trust list is necessary is also an important factor in our OPC UA server as it is running on embedded system. By not updating trust list unless required we expect to increase life time of deployed flash memory. 

Avatar
Randy Armstrong
Admin
Forum Posts: 1564
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
4
05/31/2022 - 02:47
sp_Permalink sp_Print

You can optimize actions such as writing to flash because the client cannot know and does not care.

If you support audit events you should raise the audit events on the update even if no actual changed occurred.

Avatar
Phuong Nguyen
Member
Members
Forum Posts: 16
Member Since:
11/22/2018
sp_UserOfflineSmall Offline
5
05/31/2022 - 05:21
sp_Permalink sp_Print

Now I'm convinced that it totally makes sence to have backend database such as file system, take care of storing a certificate and take an appropriate action in case of duplicated data.

sp_Feed
Go to top
Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 35
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1435
Posts: 4855