Today is...
Monday, August 20, 2018
Welcome to Control.com, the global online
community of automation professionals.
Featured Video...
Featured Video
Watch an animation of a conveyor stacking operation demonstrating the use of a move on a gear command.
Our Advertisers
Help keep our servers running...
Patronize our advertisers!
Visit our Post Archive
OPC UA + CA
Best practice of using on CA in OPC UA?

Hello,

I am making architecture of system with multiple servers and clients. >300 units in total.

Currently busy with Security. And want to make use of CA.

The main question is not clear for me is how it is simplifying managing certificates? Why "When a Digital Certificate expires and is replaced, the administrator will only need to replace the expired Digital Certificate (Public Keys and Private Keys), there will be no need to copy a Public Key to any locations." (Part 2, 8.1.3.)

It is not completely clear for me the big picture of how Certificate Authority should work. My wish is to integrate with existing in company systems (EJB-CA). So, we can have central place to manage all certificates and access. And automate is as much as possible.

Should I make (Global) Discovery Server with UI where administrator manages certificates(create, update and distribute), access and permissions?

What is the "best practice" for this?

Should I provide more information?

Mikl