The provisioning mode is intended to enable the initial security configuration of the server using UA GDS functionality. In provisioning mode the server accepts untrusted certificates, but requires password authentication. Therefor the client (e.g. GDS server) needs to authenticate as "SecurityAdmin". This allows the GDS to install the initial certificate and trustlist. As soon as the server has a valid security configuration, it will not enter the provisioning mode anymore when started.

In provisioning mode the server utilizes a reduced functionality. Only the server provider is started. Any other specified providers are not started and not usable while the server is in provisioning mode.

Enabling Provisioning Mode

The provisioning mode is entered via a command line option when the server is started. The option is:

./uaserverhp -g

The second possibility is to set the "enable_provisioning_mode" option within the "server" section in the configuration file.

[server]

enable_provisioning_mode = 1

These options have only an effect when the trustlist is empty.

Prerequisites to enter the provisioning mode.

The following prerequisites need to be fulfilled:

Certificate support must be on (CMake option "HAVE_PKI").
The trust list of the server must be empty. In the default configuration this would be "embeddedstack/bin/pki_store_0/trusted/". If the trust list is not empty the provisioning mode is not activated. This is not treated as an error and the server will start in normal mode.

Leaving the Provisioning Mode

To leave the provisioning mode the server needs to be restarted.