How many number of times application instance certificates are to be validated in OPC UA?
Requesting a clarification on the number of times application instance certificates (both client/server) are validated from opening a SecureChannel to activating a Session in OPC UA security architecture ?
- From the book, 'OPC Unified Architecture' by Mahnke, Leitner, Damm, the following image is seen where the application instance certificates are seen validated. (Figure 7.4 in page no. 214)
- According to the specification Part 4 Services, section 6.1.5 - figure 22 shows that the application instance certificates are validated again during the session creation.
Why is this difference between the standard and the concept described in the book ? Is it really necessary to validate the application instance certificate again during session creation ? I notice that the Milo examples validate only once while opening a SecureChannel if I am not wrong.
I think that diagram is incorrect or out of date.
Validation and verification of trust has to happen the first time client/server see the certificate, which is when the channels are established.
In Create/Activate Session service possession of the certificates is proved using the signatures exchanged in the requests/responses.
edit: to summarize the comments, validation needs to occur during session creation only if the transport layer being used doesn't validate it there, but in Milo's case it's always the binary TCP transport so validation during session creation is redundant.
- Collect OPC-UA Data using Telegraf into QuestDB in a dense format
- Read ExtensionObject OPC UA - python
- Encoding and Decoding Custom OPC-UA DataTypes with UA-ModelCompiler
- Trouble Overriding addNodes Method in Eclipse Milo's NodeManagementServices
- Retries for Certs rejected by the OPCUA server
- save to csv simultaneously opcua datachange notification
- Adding security to OPC UA python server/client (Asyncua)
- Is it technically possible for an OPC UA client to tunnel requests to an OPC UA server via a Forward Proxy?
- The infinite loop to make the connection with opcua server, regardless of disconnecting the client
- Python OPCUA, modbus communication code gets a RuntimeError after 3 hours of running
- How to check whether a specific opc ua node already exists with asyncua?
- Opc.Ua "ServiceResultException: Endpoint does not support the user identity type provided." but Security Level is None
- OPC UA - Serialize an ExtensionObject
- Nodejs OPC-UA server certificat error without using any tls or certificates
- Understanding OPC-UA Security using Eclipse Milo
- OPC UA Foundation SDK .net OnSimpleWriteValue method return byte[] on complex data
- Why does my Listbox print the whole list in one line?
- C# OPCUA Client access node with Tag name to setup subscriptions
- Node-OPCUA Issue: 'Acknowledge Method Not Found' Error with Alarm Acknowledgment Functions
- Max Inputs FMU?
- OPCUA: detect and cast custom method input-parameters
- Is there any way to export the model from the OPC server?
- OPC UA tags collecting (OPCFoundation NETStandard library, code correction)
- How to make opcua more efficient in python?
- OpcUA address space
- opc hda - History Read, issue with continuationPoint when trying to read in batches
- Connect to OPCUA server with username and password
- What can cause a BadTimeout in OpcUa?
- OPC UAFX Write or Read directly to/from Parent node
- Connect to OPC-UA server from container-ized client app