Configuration Limits For Push Function - Siemens SIMATIC ET 200AL System Manual

OPC UA communication
9.2 Security at OPC UA
9.2.7.2

Configuration limits for Push function

Number of certificates for Push function
For the OPC UA Push function, an S7-1500 CPU, regardless of the type, with firmware version
V2.9 has a configuration limit of 62 trust list entries.
A Certificate Revocation List entry (CRL) counts just as an entry in the list of trusted
certificates.
Size of elements for Push function (e.g. certificates)
Max. 4096 bytes
Example
You want to grant access to the OPC UA server for up to 62 OPC UA clients and fill the trusted
list accordingly.
When you add a Certificate Revocation List entry in the trusted list, you can only trust up to
61 client certificates.
Additional OPC UA certificates can not be transferred by loading the hardware configuration
to the CPU.
Tip
To keep the number of required certificates low, we recommend having the OPC UA client
certificates signed by the same CA.
In this case, the CPU as OPC UA server only needs the corresponding CA certificate and CRLs.
With these elements, the OPC UA server can then verify all client certificates signed by the
CA. This means you do not have to add the individual client certificates to the trusted list.
188
Function Manual, 05/2021, A5E03735815-AJ
Communication