1

What is the best way to implement Global Discovery Server and Certificate Management? Does open62541 support these services or is there some better library that could be used (not necessarily open source)?

darlene
  • 13
  • 3

1 Answer

1

There is sample code for a GDS from the OPC Foundation here. But it is only community maintained, and managing devices via Pull and Push can be quite cumbersome with the GDS Client application. But it was used for a while in IOP Workshops, and for V1.04 operation with RSA certs it should still work according to the standards. There are some commercial GDS offerings in the pipeline from different vendors; given that security is in play, I recommend using commercial ones instead. For implementing and testing the GDS Pull/Push services for a UA server, the sample server should be sufficient.

mregen
  • 26
  • 2
  • Thank you for your help! Do you maybe know if it would be possible to edit the sample client to connect to the GDS directly without using GDS Client applications? Also, would it be possible to edit the issued certificate (e.g. validation period) to try out the certificate renewal? – darlene Sep 20 '21 at 09:23
  • There is a [nuget](https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua.Gds.Client.Common/) package which contains client functions to implement GDS Pull. With GDS you don't edit a cert, you can issue a new one with a CSR or let the GDS create the public/private key. However, to create and sign certs, there is another [nuget](https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua.Security.Certificates/) package helper to build certificates. – mregen Sep 22 '21 at 06:20
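
Added example (not part of the thread, and not OPC Foundation or GDS code): the last comment says a certificate is reissued from a CSR rather than edited. The C# below reproduces that locally with the standard .NET `CertificateRequest` API (.NET 7 or later), using a throwaway test CA in place of a GDS; the subject names, ApplicationUri and lifetimes are constructed values.

```csharp
// Added illustration, not OPC Foundation code. Plain .NET 7+ (LoadSigningRequest needs 7.0).
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

var sha256 = HashAlgorithmName.SHA256;
var pkcs1 = RSASignaturePadding.Pkcs1;
var now = DateTimeOffset.UtcNow;

// Throwaway test CA standing in for the GDS issuer (constructed name).
using RSA caKey = RSA.Create(2048);
var caReq = new CertificateRequest("CN=Test Issuer CA", caKey, sha256, pkcs1);
caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
caReq.CertificateExtensions.Add(new X509KeyUsageExtension(
    X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
using X509Certificate2 ca = caReq.CreateSelfSigned(now.AddMinutes(-10), now.AddYears(1));

// Application side: the private key never leaves; only the CSR bytes do.
byte[] NewCsr(RSA key)
{
    var req = new CertificateRequest("CN=Sample UA Server, O=Example", key, sha256, pkcs1);
    var san = new SubjectAlternativeNameBuilder();
    san.AddUri(new Uri("urn:localhost:Example:SampleServer")); // constructed ApplicationUri
    san.AddDnsName("localhost");
    req.CertificateExtensions.Add(san.Build());
    return req.CreateSigningRequest();
}

// Issuer side: verify the CSR signature, then sign with an issuer-chosen lifetime.
X509Certificate2 Issue(byte[] csr, TimeSpan lifetime)
{
    // Extensions are copied from the CSR only because this is a closed test;
    // a real issuer checks them against the registered application first.
    var req = CertificateRequest.LoadSigningRequest(csr, sha256,
        CertificateRequestLoadOptions.UnsafeLoadCertificateExtensions, pkcs1);
    byte[] serial = RandomNumberGenerator.GetBytes(16);
    serial[0] &= 0x7F; // keep the serial number positive
    var start = DateTimeOffset.UtcNow.AddMinutes(-1);
    return req.Create(ca, start, start + lifetime, serial);
}

using RSA appKey = RSA.Create(2048);
using X509Certificate2 first = Issue(NewCsr(appKey), TimeSpan.FromMinutes(3));
// Renewal is a second issuance from a fresh CSR; the first certificate is untouched.
using X509Certificate2 renewed = Issue(NewCsr(appKey), TimeSpan.FromDays(30));
Console.WriteLine($"first   {first.SerialNumber} expires {first.NotAfter.ToUniversalTime():u}");
Console.WriteLine($"renewed {renewed.SerialNumber} expires {renewed.NotAfter.ToUniversalTime():u}");
```

The three-minute lifetime on the first certificate gives a test server something that expires quickly, so its renewal path can be exercised without changing any existing certificate.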