Certificate security plugin: Difference between revisions
From OPC Labs Knowledge Base
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
! {{Style=Identifier|AllowInteractive}} setting | ! {{Style=Identifier|AllowInteractive}} setting | ||
! Get local certificates | ! Get local certificates | ||
! | ! Validate remote certificate | ||
|- | |- | ||
|False | |False | ||
|False | |False | ||
| | |The consumer will use its default behavior for obtaining local certificates. | ||
| | |The consumer will use its default behavior for validating the remote certificate. | ||
|- | |- | ||
|False | |False | ||
|True | |True | ||
| | |The user is allowed to supply the local certificates (depending on the capabilities of the interaction provider), or use the provided defaults. The default local certificates for the interaction are given by the {{Style=Identifier|StaticCertificateSecurityParameters}}.{{Style=Identifier|LocalCertificatesQuery}} setting (even though the AllowStatic is set False). | ||
| | |The user is allowed to accept or reject the remote certificate. | ||
|- | |- | ||
|True | |True | ||
|False | |False | ||
| | |Local certificates are obtained according to {{Style=Identifier|StaticCertificateSecurityParameters}}.{{Style=Identifier|LocalCertificatesQuery}} setting (can be read from certificate files, and/or found in certificate store). | ||
| | |The remote certificate is accepted if it complies with the {{Style=Identifier|StaticCertificateSecurityParameters}}.{{Style=Identifier|RemoteCertificateAcceptancePolicy}} setting. | ||
|- | |- | ||
|True | |True | ||
|True | |True | ||
| | |Local certificates are obtained according to {{Style=Identifier|StaticCertificateSecurityParameters}}.{{Style=Identifier|LocalCertificatesQuery}} setting (can be read from certificate files, and/or found in certificate store). | ||
| | |The remote certificate is accepted if it complies with the {{Style=Identifier|StaticCertificateSecurityParameters}}.{{Style=Identifier|RemoteCertificateAcceptancePolicy}} setting. Otherwise, the user is allowed to accept or reject the remote certificate. | ||
|} | |} | ||
Revision as of 19:55, 23 December 2019
| AllowStatic setting | AllowInteractive setting | Get local certificates | Validate remote certificate |
|---|---|---|---|
| False | False | The consumer will use its default behavior for obtaining local certificates. | The consumer will use its default behavior for validating the remote certificate. |
| False | True | The user is allowed to supply the local certificates (depending on the capabilities of the interaction provider), or use the provided defaults. The default local certificates for the interaction are given by the StaticCertificateSecurityParameters.LocalCertificatesQuery setting (even though the AllowStatic is set False). | The user is allowed to accept or reject the remote certificate. |
| True | False | Local certificates are obtained according to StaticCertificateSecurityParameters.LocalCertificatesQuery setting (can be read from certificate files, and/or found in certificate store). | The remote certificate is accepted if it complies with the StaticCertificateSecurityParameters.RemoteCertificateAcceptancePolicy setting. |
| True | True | Local certificates are obtained according to StaticCertificateSecurityParameters.LocalCertificatesQuery setting (can be read from certificate files, and/or found in certificate store). | The remote certificate is accepted if it complies with the StaticCertificateSecurityParameters.RemoteCertificateAcceptancePolicy setting. Otherwise, the user is allowed to accept or reject the remote certificate. |
