Self Signed Certificate¶
The simplest type are self signed certificates. Self signed certificates are not signed by a public certification authority. Self Signed Zerts are generated by the OPC UA server itself. For this reason, external or public OPC UA applications should not trust these certificates. However, these certificates are sufficient for the test or in an internal environment.
CA certificates are issued by a public certification authority. CA certificates are used to sign Application certificates and Intermdiate Certificates and are combined into a Cert chain. If a CA certificate is trusted, all derived certificates are also trusted.
An Application certificate is used for the encryption and signature of OPC UA communication connections for an application. An application certificate can be self-signed, signed by a CA certificate or signed by an intermediate certificate.
Intermediate certificates are used to group application certificates. A intermediate certificate is signed by a CA certificates or a other intermediate certificate. If a intermediate certificate is trusted, all derived certificates are also trusted.