Siemens SIMATIC ET 200AL System Manual page 1316

Requirement
The following requirements must be met for the relevant methods and attributes to become
visible for the GDS push functionality:
• GDS is enabled
• The set security policy supports the integrity and confidentiality of the data through a
signature and encryption (Sign & Encrypt)
• Access with runtime function right "Manage certificates"
Address model for the GDS push functionality
The address model for the GDS push functionality corresponds to the "Information Model for
Push Certificate Management" of the OPC UA specification OPC 10000-12: Discovery, Global
Services.
You will find the following structure below the "ServerConfiguration" node:
Methods and attributes for access to the address model
The methods and attributes are briefly described below with special features and restrictions
of the specific address model of the S7-1500 CPU. The OPC UA specification listed above
contains the general description.
You can find a detailed description of the individual methods below this overview table.
Method / Attribute (Variable)
CreateSigningRequest
UpdateCertificate
ApplyChanges
Communication
Function Manual, 05/2021, A5E03735815-AJ
Description
Method for generating a PKCS#10-encoded certificate request
signed with the private key of the OPC UA server.
Method for updating the server certificate for the OPC UA server.
Method for applying a security-relevant change if the "ApplyChang-
esRequired" attribute was set when executing a previously executed
method.
Note
If, as a result of "ApplyChanges", a certificate is changed, the CPU
interrupts the connections/sessions that are secured via this certifi-
cate.
Background: The basis for the secured connections - the certificate -
is no longer valid.
OPC UA communication
9.2 Security at OPC UA
195