Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search
Go to Bottom
No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Cerfificate handling with multiple ua clients
October 21, 2019
13:12, EEST
Avatar
ivfa
Member
Members
Forum Posts: 8
Member Since:
October 21, 2019
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

Hi,
i have a question regarding certificate handling with multiple ua clients.
We are migrating our application to run the ua client in a microservice architecture where the uaclient service runs in docker, is scaled to multiple instances and uses a pki infrastructure with Basic256Sha256SignEncrypt security mode and self signed certificates to connect to the opc servers.
My question is: should the uaclient service instances share one central certificate store and use the same public/private key pair and ApplicationDescription since it is essentially one application that connects to the servers (the instances have different internal ips in the docker network but i think are visible with the same external ip to the opc servers when connecting)?
Or should each service instance use its own key store, AppDescription and key pair? Each opc server is connected to one client instance at a time.
Are there any best practices or guidelines regarding security for running the uaclient in a scalable microservice architecture?
I hope my questions are not to confusing and am thankful for any information/experiences regarding this topic .
Thanks,
ivfa

October 21, 2019
14:57, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1009
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline
sp_UserWebsite
Go to Top
2sp_EditHistory sp_Permalink sp_Print

I would say that in this case it is reasonable to let the clients share their identity (ApplicationDescription, Certificate & Certificate Store), since they are supposed to look the same towards the servers anyway.

October 22, 2019
17:46, EEST
Avatar
ivfa
Member
Members
Forum Posts: 8
Member Since:
October 21, 2019
sp_UserOfflineSmall Offline
Go to Top
3sp_Permalink sp_Print

Thank you for the fast answer

No permission to create posts
sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
16 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 135

pramanj: 86

Francesco Zambon: 81

rocket science: 77

ibrahim: 75

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

fred: 41

Member Stats:

Guest Posters: 0

Members: 685

Moderators: 16

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1467

Posts: 6259

Newest Members:

fidelduke938316, Jan-Pfizer, DavidROunc, fen.pang@woodside.com, aytule, rashadbrownrigg, christi10l, ahamad1, Flores Frederick, ellenmoss

Moderators: Jouni Aro: 1009, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 983, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 321, Lusetti: 0, Ari-Pekka Soikkeli: 5

Administrators: admin: 1