1 files changed, 41 insertions, 20 deletions

diff --git a/config/client_find_servers.conf b/config/client_find_servers.conf
index a9e29c8..bc16b18 100644
--- a/config/client_find_servers.conf
+++ b/config/client_find_servers.conf
@@ -1,29 +1,50 @@
 # ClientFindServers configuration
 #
-# Keys:
+# Shared keys:
 #   discoveryEndpoint   LDS endpoint URL (e.g. opc.tcp://localhost:4840)
 #   applicationUri      OPC UA application URI
-#   certificate         Path to client certificate (.der)
-#   privateKey          Path to client private key (.der)
-#   securityMode        None, Sign, or SignAndEncrypt
-#   securityPolicy      None, Basic256Sha256, Aes256_Sha256_RsaPss,
-#                       Aes128_Sha256_RsaOaep, or ECC_nistP256
-#   authMode            "anonymous" or "user"
-#   username            Username (required when authMode = user)
-#   password            Password (required when authMode = user)
-#   trustList           Trusted certificate path (repeat for multiple)
+#
+# Discovery-side keys (LDS connection):
+#   discoveryCertificate      Path to certificate for LDS connections (.der)
+#   discoveryPrivateKey       Path to private key for LDS connections (.der)
+#   discoverySecurityMode     None, Sign, or SignAndEncrypt
+#   discoverySecurityPolicy   None, Basic256Sha256, Aes256_Sha256_RsaPss,
+#                             Aes128_Sha256_RsaOaep, or ECC_nistP256
+#   discoveryAuthMode         "anonymous" or "user"
+#   discoveryUsername         Username (required when discoveryAuthMode = user)
+#   discoveryPassword         Password (required when discoveryAuthMode = user)
+#   discoveryTrustList        Trusted certificate path (repeat for multiple)
+#
+# Server-side keys (connections to discovered servers):
+#   serverCertificate         Path to certificate for server connections (.der)
+#   serverPrivateKey          Path to private key for server connections (.der)
+#   serverSecurityMode        None, Sign, or SignAndEncrypt
+#   serverSecurityPolicy      None, Basic256Sha256, Aes256_Sha256_RsaPss,
+#                             Aes128_Sha256_RsaOaep, or ECC_nistP256
+#   serverAuthMode            "anonymous" or "user"
+#   serverUsername            Username (required when serverAuthMode = user)
+#   serverPassword            Password (required when serverAuthMode = user)
+#   serverTrustList           Trusted certificate path (repeat for multiple)
 
 discoveryEndpoint = opc.tcp://localhost:4840
 applicationUri = urn:bobink.ClientFindServers
-certificate = certs/ClientFindServers_cert.der
-privateKey = certs/ClientFindServers_key.der
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes128_Sha256_RsaOaep
 
-authMode = user
-username = user
-password = password
+# Discovery (LDS) side
+discoveryCertificate = certs/ClientFindServers_cert.der
+discoveryPrivateKey = certs/ClientFindServers_key.der
+discoverySecurityMode = SignAndEncrypt
+discoverySecurityPolicy = Aes128_Sha256_RsaOaep
+discoveryAuthMode = user
+discoveryUsername = user
+discoveryPassword = password
+discoveryTrustList = certs/ServerLDS_cert.der
 
-trustList = certs/ServerLDS_cert.der
-trustList = certs/ServerRegister_cert.der
+# Server side
+serverCertificate = certs/ClientFindServers_cert.der
+serverPrivateKey = certs/ClientFindServers_key.der
+serverSecurityMode = SignAndEncrypt
+serverSecurityPolicy = Aes128_Sha256_RsaOaep
+serverAuthMode = user
+serverUsername = user
+serverPassword = password
+serverTrustList = certs/ServerRegister_cert.der