View Issue Details

ID: 0006024
Project: 10000-004: Services
Category: Spec
View Status: public
Last Update: 2020-09-17 15:54
Reporter: Matthias Damm
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Summary: 0006024: Add clarifications regarding certificate replacement to 6.7 Re-establishing connections
Description

Based on further discussion in BSI-OPC UA Security WG Taskforce:

We should describe the concrete status code Bad_CertificateInvalid that indicates the server certificate change.

We should also describe the client certificate change. Maybe create even a sub chapter. We clarified TransferSubscription but we do not state any detail here.

Tags: No tags attached.
Commit Version
Fix Due Date

Relationships

related to 0006035 (assigned, Paul Hunkar), Compliance Test Tool (CTT) Unified Architecture: Add clarifications regarding certificate replacement to 6.7 Re-establishing connections

Activities

Matthias Damm

2020-09-16 19:42

developer   ~0012887

6.7 Re-establishing connections

Replaced:
Re-establishing the connection by creating a new SecureChannel may be rejected, because of a new Server Application Instance Certificate or other security errors. In case of security failures, the Client shall use the GetEndpoints Service to fetch the most up to date security information from the Server
With:
Re-establishing the connection by creating a new SecureChannel may be rejected, because of a new Server Application Instance Certificate or other security errors. OpenSecureChannel returns Bad_CertificateInvalid in the case of a new Server Application Instance Certificate. In case of security failures, the Client shall use the GetEndpoints Service to fetch the most up to date security information from the Server.
If the Client Application Instance Certificate is updated, the Client must create a new Session since the Session does not allow an update of the Client Application Instance Certificate. The Client shall try to transfer existing Subscriptions to the new Session. Transfer subscription must be accepted by a Server even for an Anonymous user if the Client does not change, i.e. the ApplicationUri of the Client does not change.

Updated in OPC 10000-4 - UA Specification Part 4 - Services 1.05.0 Draft11.docx
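
The reconnect sequence described in note ~0012887, modelled as an added example (not part of the issue, the specification text or any OPC UA stack). `FakeServer`, `reconnect`, the certificate strings and the `rejected` marker are constructed for illustration; checking the refreshed certificate against a trust list and reusing the existing Session when nothing changed are assumptions.

```python
from dataclasses import dataclass, field

GOOD = "Good"
BAD_CERTIFICATE_INVALID = "Bad_CertificateInvalid"
REJECTED = "rejected"  # constructed marker, not an OPC UA status code

@dataclass
class FakeServer:
    """Constructed stand-in for a Server; not the API of any real OPC UA stack."""
    cert: str
    sub_owner: dict = field(default_factory=dict)  # subscription id -> Client ApplicationUri

    def open_secure_channel(self, server_cert_used_by_client):
        # A Client still using the replaced Server certificate is rejected.
        return GOOD if server_cert_used_by_client == self.cert else BAD_CERTIFICATE_INVALID

    def get_endpoints(self):
        return self.cert

    def transfer_subscriptions(self, sub_ids, application_uri):
        # Accepted, even for an Anonymous user, if the ApplicationUri is unchanged.
        return {s: GOOD if self.sub_owner.get(s) == application_uri else REJECTED
                for s in sub_ids}

def reconnect(server, cached_cert, trusted_certs, client_cert_updated, application_uri, sub_ids):
    """Return the ordered (service, result) steps the Client performs."""
    steps = []
    status = server.open_secure_channel(cached_cert)
    steps.append(("OpenSecureChannel", status))
    if status == BAD_CERTIFICATE_INVALID:
        offered = server.get_endpoints()
        steps.append(("GetEndpoints", offered))
        # Assumption: the refreshed certificate is validated like any other;
        # the error code alone is no reason to trust it.
        if offered not in trusted_certs:
            steps.append(("Abort", "untrusted server certificate"))
            return steps
        status = server.open_secure_channel(offered)
        steps.append(("OpenSecureChannel", status))
    if status != GOOD:
        return steps
    if client_cert_updated:
        # The Session cannot take a new Client certificate: new Session, then transfer.
        steps.append(("CreateSession", GOOD))
        steps.append(("TransferSubscriptions",
                      server.transfer_subscriptions(sub_ids, application_uri)))
    else:
        steps.append(("ReuseSession", GOOD))
    return steps
```
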

Jim Luth

2020-09-17 15:54

administrator   ~0012923

Agreed to changes in Virtual F2F.

Issue History

Date Modified Username Field Change
2020-09-16 19:40 Matthias Damm New Issue
2020-09-16 19:40 Matthias Damm Status new => assigned
2020-09-16 19:40 Matthias Damm Assigned To => Matthias Damm
2020-09-16 19:42 Matthias Damm Status assigned => resolved
2020-09-16 19:42 Matthias Damm Resolution open => fixed
2020-09-16 19:42 Matthias Damm Note Added: 0012887
2020-09-17 15:47 Jim Luth Issue cloned: 0006035
2020-09-17 15:47 Jim Luth Relationship added related to 0006035
2020-09-17 15:54 Jim Luth Status resolved => closed
2020-09-17 15:54 Jim Luth Fixed in Version => 1.05
2020-09-17 15:54 Jim Luth Note Added: 0012923