Certificate Management, PKI and UA Administration

X.509 certificates are at the heart of OPC UA security. They are used for mutual application authentication (client and server authenticate each other with their application instance certificates), and optionally also for user authentication. Handling the tasks associated with the certificates is traditionally a "pain point" in OPC UA: the interactions and operations are well defined, but getting them right usually requires deeper OPC UA knowledge, with a steep learning curve.

QuickOPC comes with plenty of features to make certificate management tasks easier, and even to automate them wherever possible. This applies both to self-signed certificates and to certificates issued by a Certificate Authority (CA) and managed by PKI (Public Key Infrastructure) components, such as a GDS (Global Discovery Server).


Application Certificate Auto-Creation

Once you integrate QuickOPC into your project and make OPC UA client calls, QuickOPC will automatically generate a (self-signed) application instance certificate if one is not already available. This means that your application can start its operations right away, without additional preparatory steps on your side. Note that the peer (typically the OPC UA server) still has to trust the new certificate before a secure session can be established; a freshly generated self-signed certificate therefore usually has to be accepted into the server's trust list by its administrator.

OPC UA Client Application Service

The OPC UA Client Application Service is an API within QuickOPC, capable of maintaining client application registrations with one or more GDS servers simultaneously. It keeps track of the registrations (and unregistrations) performed. You can use this service to easily register your application with the GDS, and to manage its certificates and trust lists.

This service works on an even higher level than the specialized client objects, OPC UA Global Discovery Client and OPC UA Certificate Management Client. Instead of having to call the OPC UA methods as described in the specification, the client application service puts together the necessary parameters, decides which method to call and when, and then performs several operations at once. It also communicates directly with the application environment: it stores the certificate obtained from the GDS into the certificate store, refreshes the trust lists, etc.

Client Pull Management (getting certificates from the GDS)

"Pull management" is a mechanism that OPC UA clients can use to manage their configuration by connecting to and interacting with the Global Discovery Server (GDS). This includes management of the application's own certificate (the client registers itself with the GDS and requests a CA-signed certificate, either for a certificate signing request of its existing key or for a new key pair generated by the GDS) and of the application trust lists (the client retrieves the trust list and revocation information maintained by the GDS).

QuickOPC fully supports OPC UA pull management. This means that if your infrastructure includes an OPC UA GDS, the applications created with QuickOPC will be able to participate in the PKI operations provided by the GDS.

User Interface for UA Application Administration

QuickOPC comes with a ready-made dialog ("Administer OPC UA Application") which you, as a developer, can easily integrate into your application or its configuration program. The dialog allows the end user to view and manage all aspects of the OPC UA application, that is, how it coexists and communicates in the OPC UA ecosystem.

The dialog has rich functionality, some of which is illustrated below. On the "Trusted Certificates" tab, the user can view the list of certificates that the managed application trusts (or has rejected), and can change the trust status of individual certificates if needed:

Dialog screenshot - managing trusted certificates

On the "Application Certificates" tab, the end user can view the certificate that the OPC UA application itself uses. The dialog automatically analyzes the certificate for common issues (such as an expired validity period, a key that is too short, or an application URI that does not match the certificate), displays the status, and even guides the user through the steps for fixing the issues, right from the same place:

Dialog screenshot - OPC UA application certificates
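The following C# example is added here to illustrate two things described above: what the automatic creation of a self-signed application instance certificate involves, and the kind of "common issues" analysis the administration dialog performs. It is not QuickOPC code and does not use the QuickOPC API; it uses only the standard .NET 6+ cryptography APIs (System.Security.Cryptography and System.Formats.Asn1). The application URI, subject name, host name and the class/method names are made up for the example. The extension requirements it encodes (ApplicationUri as a URI entry in subjectAltName, host name in subjectAltName, RSA key of at least 2048 bits for Basic256Sha256, SHA-256 signature) are those of the OPC UA specification.

```csharp
// Added example (not QuickOPC code): create a self-signed OPC UA application instance
// certificate of the kind a client auto-generates on first use, then run the checks an
// administration UI typically performs on it. Requires .NET 6 or later.
using System;
using System.Collections.Generic;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class UaAppCertificate
{
    // OPC UA requires the ApplicationUri as a URI entry in subjectAltName, plus a DNS name
    // or IP address of the host; Basic256Sha256 and later policies need RSA 2048 or longer.
    public static X509Certificate2 CreateSelfSigned(string subjectName, string applicationUri,
                                                    string hostName, int keySize = 2048, int validYears = 1)
    {
        using RSA rsa = RSA.Create(keySize);
        var request = new CertificateRequest(new X500DistinguishedName(subjectName), rsa,
                                             HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        var san = new SubjectAlternativeNameBuilder();
        san.AddUri(new Uri(applicationUri));
        san.AddDnsName(hostName);
        request.CertificateExtensions.Add(san.Build(critical: false));

        request.CertificateExtensions.Add(new X509BasicConstraintsExtension(
            certificateAuthority: false, hasPathLengthConstraint: false, pathLengthConstraint: 0, critical: true));
        request.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation |
            X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment, critical: true));
        // serverAuth and clientAuth EKUs: a UA application may act in both roles.
        request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, critical: false));
        request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, critical: false));

        DateTimeOffset now = DateTimeOffset.UtcNow;
        // Back-date NotBefore slightly so a peer with a skewed clock does not reject a fresh certificate.
        using X509Certificate2 ephemeral = request.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(validYears));
        // Round-trip through PKCS#12 so the private key stays usable after the ephemeral key is disposed.
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx), (string)null, X509KeyStorageFlags.Exportable);
    }

    // Mirrors the common-issue analysis an administration UI performs: validity window,
    // key length, signature hash, and presence of the expected ApplicationUri in subjectAltName.
    public static List<string> FindCommonIssues(X509Certificate2 cert, string expectedApplicationUri, DateTime? atUtc = null)
    {
        var issues = new List<string>();
        DateTime now = atUtc ?? DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime()) issues.Add("Certificate is not yet valid.");
        if (now > cert.NotAfter.ToUniversalTime()) issues.Add("Certificate has expired.");

        using RSA rsa = cert.GetRSAPublicKey();
        if (rsa == null) issues.Add("Public key is not RSA; the common UA security policies require RSA.");
        else if (rsa.KeySize < 2048) issues.Add($"RSA key is {rsa.KeySize} bits; Basic256Sha256 requires at least 2048.");

        // 1.2.840.113549.1.1.5 = sha1WithRSAEncryption, no longer acceptable for UA security policies.
        if (cert.SignatureAlgorithm.Value == "1.2.840.113549.1.1.5") issues.Add("Certificate is signed with SHA-1.");

        List<string> uris = SubjectAltNameUris(cert);
        if (uris.Count == 0) issues.Add("subjectAltName has no URI entry (ApplicationUri missing).");
        else if (!uris.Contains(expectedApplicationUri))
            issues.Add($"subjectAltName URI(s) [{string.Join(", ", uris)}] do not match the ApplicationUri {expectedApplicationUri}.");
        return issues;
    }

    // Extract the URI entries (GeneralName choice [6], IA5String) from subjectAltName (OID 2.5.29.17).
    public static List<string> SubjectAltNameUris(X509Certificate2 cert)
    {
        var uris = new List<string>();
        X509Extension san = cert.Extensions["2.5.29.17"];
        if (san == null) return uris;
        AsnReader names = new AsnReader(san.RawData, AsnEncodingRules.DER).ReadSequence();
        while (names.HasData)
        {
            Asn1Tag tag = names.PeekTag();
            if (tag.TagClass == TagClass.ContextSpecific && tag.TagValue == 6)
                uris.Add(names.ReadCharacterString(UniversalTagNumber.IA5String, tag));
            else
                names.ReadEncodedValue();   // skip dNSName, iPAddress and other GeneralName choices
        }
        return uris;
    }

    public static void Main()
    {
        const string appUri = "urn:example-host:ExampleOrg:DemoClient";   // made-up ApplicationUri
        using X509Certificate2 cert = CreateSelfSigned("CN=DemoClient, O=ExampleOrg", appUri, "example-host");
        Console.WriteLine($"Subject: {cert.Subject}, thumbprint: {cert.Thumbprint}");
        foreach (string issue in FindCommonIssues(cert, appUri)) Console.WriteLine("Issue: " + issue);

        // The most frequent real-world problem: the application is configured with one ApplicationUri
        // while its certificate was generated for another, so peers reject it.
        foreach (string issue in FindCommonIssues(cert, "urn:example-host:ExampleOrg:OtherClient"))
            Console.WriteLine("Issue: " + issue);
    }
}
```

For the freshly generated certificate, the first `FindCommonIssues` call reports nothing; the second call reports the ApplicationUri mismatch, which is exactly the condition a server checks when it compares the URI in the client's certificate against the ApplicationUri sent in the CreateSession request. A real administration tool would additionally verify that the private key is present and accessible in the store, and that the certificate is in the peer's trust list; those checks depend on the store technology in use and are omitted here.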