High Performance OPC UA Server SDK
1.5.2.321
|
The provisioning mode is intended to enable the initial security configuration of the server using UA GDS functionality. In provisioning mode the server accepts untrusted certificates, but requires password authentication. Therefor the client (e.g. GDS server) needs to authenticate as "SecurityAdmin". This allows the GDS to install the initial certificate and trustlist. As soon as the server has a valid security configuration, it will not enter the provisioning mode anymore when started.
In provisioning mode the server utilizes a reduced functionality. Only the server provider is started. Any other specified providers are not started and not usable while the server is in provisioning mode.
Important note: The issuing CA certificate must be added to the trustlist before the CA issued application instance certificate is added. Only trusted certificates will be accepted. Without the issuing CA certificate the certificate cannot be verified.
The provisioning mode is entered via a command line option when the server is started. The option is:
./uaserverhp -g
The second possibility is to set the "enable_provisioning_mode" option within the "server" section in the configuration file.
[server] enable_provisioning_mode = 1
These options have only an effect when the trustlist is empty.
The following prerequisites need to be fulfilled:
To leave the provisioning mode the server needs to be restarted.