0
votes

OPC UA allows for using different certificates and private keys for establishing the secure channel and for creating the session, i.e. authenticating the client.

I'm creating a client to connect to an OPC UA server and I'm trying to keep things as simple as possible, therefore I'm considering allowing to set just a certificate and private key, and if certificate authentication is desired then re-use that very cert. and private key.

Is this a safe assumption or are there real world reasons not to couple the secure channel and the session to the same certificate?

2 Answers

1
votes

That's how the applications usually do it when using the UA TCP transport protocol, so yes.

With HTTPS transport, you will need a separate certificate for transport and authentication. But HTTPS is optional.

1
votes

In an Android client that I wrote, in the settings, the user can choose the common name of both certificates and they are automatically created.

That helps the server administrator to identify who the connection attempt corresponds to, although if the user puts the same name for both then the same cert is used for the secure channel and session.