View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
001056210000-006: MappingsSpecpublic2025-10-20 09:082025-10-22 12:11
ReporterMatthias Isele Assigned ToRandy Armstrong  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Product Version1.05.06 RC1 
Summary0010562: ApplicationInstanceCertificate - Subject Alternative Name
Description

Following RFC 5280 and part 6 "Application Instance Certificate" it is technically allowed to have multiple occurences of uri in the subject alternative name.
Technically that is not an issue however most products and SDKs on the market can not handle multiple occurences of uri when looking for the ApplicationUri.
Therefor to guarantee interoperability my proposal is to change the wording in part 6 table "Application Instance Certificate" for subject alternative name:
replace "Shall include a uniformResourceIdentifier which is equal to the applicationUri."
with
"Shall include exactly one uniformResourceIdentifier which is equal to the applicationUri."

TagsNo tags attached.
Commit Version1.05.07 RC1
Fix Due Date2025-11-15

Activities

Jim Luth

2025-10-21 16:10

administrator   ~0023479

Agreed to clarify Part 6 that multiple URIs are allowed and Applications should not assume only one. Also clarify that more than one IP address is allowed (current spec only allows one).

Matthias Damm

2025-10-22 12:11

developer   ~0023481

So far, I have input from seven independent OPC UA libraries including the OPCF .NET sample code.
None of them is able to handle a list of URIs.
Five use the first URI in the list.
One uses the last URI in the list.
One is using the complete list as string for the compare.

It is obvious that nobody ever used more than one URI in OPC UA application instance certificates.
It would be no problem to limit this for normal OPC UA application instance certificates to one URI entry.

Allowing more URIs would create major interop issues

Issue History

Date Modified Username Field Change
2025-10-20 09:08 Matthias Isele New Issue
2025-10-21 16:10 Jim Luth Note Added: 0023479
2025-10-21 16:14 Jim Luth Assigned To => Randy Armstrong
2025-10-21 16:14 Jim Luth Status new => assigned
2025-10-21 16:17 Jim Luth Commit Version => 1.05.07 RC1
2025-10-21 16:17 Jim Luth Fix Due Date => 2025-11-15
2025-10-22 12:11 Matthias Damm Note Added: 0023481