Securing Applications Overview

OPC UA requires all products to be identified by a secure digital certificate that uniquely identifies a specific product on a specific computer. Each application can then be configured with a "trust list" that identifies the other UA products it will trust. When a UA Client connects to a Server, the Server and the Client check each other's certificates to make sure that they trust each other. Both products must trust each other for a secure connection to be established.

When connecting a Client to a Server for the first time, the connection will typically be rejected because the two applications do not yet trust each other (although some products may be configured to automatically trust new connections). An administrator will typically modify the trust list of each application so that the Server trusts the Client, and the Client trusts the Server.

It is essential to understand that the trust relationship between a Client and a Server is bidirectional, meaning that both applications must trust one another.

Users can own PKI certificates to represent them when logging into applications. User-based PKI certificates should not be confused with UA application certificates; while similar, they are not the same. The LDS certificate repository stores application certificates; it does not store user certificates.

LDS & UA Product(s) Trust Relationship

The LDS is like any other UA product: it is uniquely identified by its own application certificate. This means that any UA product (Client or Server) that connects securely to the LDS must be trusted by the LDS, as described above, and the Client/Server must in turn trust the LDS certificate.
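The following is an added example, not code from this page or from any OPC UA stack, that models the bidirectional trust check described in the sections above: the first-connection sequence between a Client and a Server, the administrator's trust-list changes, and the identical rule applied when a Server connects to the LDS. The application URIs, the "DER" byte strings and the application names are constructed placeholders; real application certificates are X.509 DER blobs, and the SHA-1 thumbprint used here to key the trust list is the form OPC UA trust lists use to identify a certificate.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AppCertificate:
    """Stand-in for an OPC UA application instance certificate.

    Real certificates are X.509 in DER form; here `der` is a constructed
    placeholder byte string so the example runs without a PKI.
    """
    application_uri: str  # constructed URI, e.g. "urn:example:client"
    der: bytes

    @property
    def thumbprint(self) -> str:
        # OPC UA trust lists identify a certificate by the SHA-1 of its DER bytes.
        return hashlib.sha1(self.der).hexdigest()


@dataclass
class UAApplication:
    """A UA Client, Server or LDS with its own certificate and trust list."""
    name: str
    certificate: AppCertificate
    trust_list: set = field(default_factory=set)   # thumbprints this app trusts
    rejected: list = field(default_factory=list)   # peer certs seen but not trusted

    def trusts(self, cert: AppCertificate) -> bool:
        if cert.thumbprint in self.trust_list:
            return True
        # Keep the untrusted certificate so an administrator can review it
        # and decide whether to move it into the trust list.
        if cert not in self.rejected:
            self.rejected.append(cert)
        return False

    def add_trust(self, cert: AppCertificate) -> None:
        self.trust_list.add(cert.thumbprint)


def open_secure_channel(client: UAApplication, server: UAApplication):
    """Evaluate both directions of trust; return (established, reasons)."""
    reasons = []
    if not server.trusts(client.certificate):
        reasons.append(f"{server.name} does not trust {client.name}")
    if not client.trusts(server.certificate):
        reasons.append(f"{client.name} does not trust {server.name}")
    return (not reasons, reasons)


def first_connection_walkthrough():
    """Reproduce the first-connection sequence described above, including the LDS."""
    client = UAApplication("Client", AppCertificate("urn:example:client", b"constructed client DER"))
    server = UAApplication("Server", AppCertificate("urn:example:server", b"constructed server DER"))
    lds = UAApplication("LDS", AppCertificate("urn:example:lds", b"constructed LDS DER"))

    steps = {}
    # 1. First attempt: neither side trusts the other, so both checks fail.
    steps["initial"] = open_secure_channel(client, server)
    # 2. Administrator trusts the Client on the Server only: still rejected,
    #    because the Client has not yet been told to trust the Server.
    server.add_trust(client.certificate)
    steps["server_side_only"] = open_secure_channel(client, server)
    # 3. Administrator completes the other direction: channel established.
    client.add_trust(server.certificate)
    steps["mutual"] = open_secure_channel(client, server)
    # 4. The Server connecting to the LDS follows the identical rule:
    #    the LDS must trust the Server and the Server must trust the LDS.
    steps["lds_before"] = open_secure_channel(server, lds)
    lds.add_trust(server.certificate)
    server.add_trust(lds.certificate)
    steps["lds_after"] = open_secure_channel(server, lds)
    # Certificates that were rejected along the way remain available for review.
    steps["server_rejected_uris"] = [c.application_uri for c in server.rejected]
    return steps


if __name__ == "__main__":
    for step, result in first_connection_walkthrough().items():
        print(step, result)
```

Running the walkthrough shows the two failure reasons on the first attempt, a single remaining reason after only the Server's trust list is updated, and an established channel only once both trust lists contain the peer's thumbprint. The `rejected` list stands in for the "rejected certificates" store that most UA products keep, which is where an administrator finds the certificate to approve rather than trusting new connections automatically.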

See also: