OPC UA communication
9.2 Security at OPC UA
X.509 certificates
An X.509 certificate includes the following information:
● Version number of the certificate
● Serial number of the certificate
● Information on the algorithm used by the certificate authority to sign the certificate.
● Name of the certificate authority
● Start and end of the validity period of the certificate
● Name of the program, person or organization for which/whom the certificate has been
signed by the certificate authority.
● The public key of the program, person or organization.
An X.509 certificate thus links an identity (name of a program, person or an organization) to
the public key of the program, person or organization.
Check during connection establishment
When a connection is being established between the client and server, the devices check all
information from the certificate that is required to determine its integrity, such as signature,
period of validity, application name (URN) and, in case of firmware version V2.5 only, also
the IP address of the client in the client certificate.
Note
The validity period stored in the certificate is also checked. The CPU clock must therefore be
set and date/time must be within the validity period, otherwise no communication takes
place.
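The checks listed above, written out as an added example; it is not part of the manual and not the CPU firmware's own code. It assumes the Python `cryptography` package and that the URN and IP address are stored in the certificate's subjectAltName extension, as is usual for OPC UA application certificates. The certificate, names, addresses and clock values are constructed samples.

```python
import datetime as dt
import ipaddress
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc

def make_cert(urn, ip, start, end):
    """Constructed sample: self-signed client certificate, URN and IP in the SAN (assumption)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "SampleClient")])
    san = x509.SubjectAlternativeName(
        [x509.UniformResourceIdentifier(urn), x509.IPAddress(ipaddress.ip_address(ip))])
    return (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(san, critical=False).sign(key, hashes.SHA256()))

def _bound(cert, attr):
    # Newer library versions expose timezone-aware *_utc properties; older ones are naive UTC.
    value = getattr(cert, attr + "_utc", None)
    return value or getattr(cert, attr).replace(tzinfo=UTC)

def failed_checks(cert, issuer_key, clock, expected_urn, peer_ip, check_ip=False):
    """Return the names of the failed checks; an empty list means the certificate passes."""
    failed = []
    try:  # signature over the to-be-signed bytes, verified with the issuer's public key
        issuer_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        failed.append("signature")
    if not _bound(cert, "not_valid_before") <= clock <= _bound(cert, "not_valid_after"):
        failed.append("validity")  # judged by the device clock, so an unset clock fails here
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if expected_urn not in san.get_values_for_type(x509.UniformResourceIdentifier):
        failed.append("urn")  # application name (URN)
    if check_ip and ipaddress.ip_address(peer_ip) not in san.get_values_for_type(x509.IPAddress):
        failed.append("ip")  # client IP address, checked for firmware V2.5 only per the text
    return failed

# Constructed sample values
CERT = make_cert("urn:example:SampleClient", "192.0.2.10",
                 dt.datetime(2019, 1, 1, tzinfo=UTC), dt.datetime(2024, 1, 1, tzinfo=UTC))
CLOCK_OK = dt.datetime(2020, 6, 1, tzinfo=UTC)     # clock set, inside the validity period
CLOCK_UNSET = dt.datetime(2012, 1, 1, tzinfo=UTC)  # clock never set, before the start date
```

With `CLOCK_UNSET` the only failed check is the validity period, which is the situation the note describes: the certificate itself is sound, but no communication takes place until the clock is set.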
Function Manual, 11/2019, A5E03735815-AH
Communication