OPC UA: Using same certificate and private key for both secure channel and session

OPC UA allows for using different certificates and private keys for establishing the secure channel and for creating the session, i.e. authenticating the client.

I'm creating a client to connect to an OPC UA server and I'm trying to keep thins as simple as possible, therefore I'm considering allowing to set just a certificate and private key, and if certificate authentication is desired then re-use that very cert. and private key.

Is this a safe assumption or are there real world reasons not to couple the secure channel and the session to the same certificate?

Solution

That's how the applications usually do it, when using UA TCP transport protocol, so yes.

With HTTPS transport, you will need a separate certificate for transport and authentication. But HTTPS is optional.

A question about Milo SDK subscriptionTransfer
OPC UA Client certificate connection problem: BadCertificateUseNotAllowed
OCP UA status=Bad_ConnectionClosed using digital petri
Writing variables with OPC UA
question about Milo SDK SubscriptionListener
Why isn't dataChangeFilterDeadbandValue key working by using Apache Camel OPC UA Client?
Use Open62541 to connect a server failed, because of 'No suitable UserTokenPolicy found for the possible endpoints'
Collect OPC-UA Data using Telegraf into QuestDB in a dense format
Read ExtensionObject OPC UA - python
Encoding and Decoding Custom OPC-UA DataTypes with UA-ModelCompiler
Trouble Overriding addNodes Method in Eclipse Milo's NodeManagementServices
Retries for Certs rejected by the OPCUA server
save to csv simultaneously opcua datachange notification
Adding security to OPC UA python server/client (Asyncua)
Is it technically possible for an OPC UA client to tunnel requests to an OPC UA server via a Forward Proxy?
The infinite loop to make the connection with opcua server, regardless of disconnecting the client
Python OPCUA, modbus communication code gets a RuntimeError after 3 hours of running
How to check whether a specific opc ua node already exists with asyncua?
Opc.Ua "ServiceResultException: Endpoint does not support the user identity type provided." but Security Level is None
OPC UA - Serialize an ExtensionObject
Nodejs OPC-UA server certificat error without using any tls or certificates
Understanding OPC-UA Security using Eclipse Milo
OPC UA Foundation SDK .net OnSimpleWriteValue method return byte[] on complex data
Why does my Listbox print the whole list in one line?
C# OPCUA Client access node with Tag name to setup subscriptions
Node-OPCUA Issue: 'Acknowledge Method Not Found' Error with Alarm Acknowledgment Functions
Max Inputs FMU?
OPCUA: detect and cast custom method input-parameters
Is there any way to export the model from the OPC server?
OPC UA tags collecting (OPCFoundation NETStandard library, code correction)