OPC Unified Architecture (OPC UA) is a protocol for industrial automation. This protocol, which is managed by the OPC Foundation, is the successor of the successful and widely used OPC (OPC DA or OPC Classic) protocol. Unlike its predecessor, it is not based on Windows technologies (OLE, COM), so it is also available on other platforms (e.g. PLC Simatic, or Bernecker & Rainer).

...

Value types on the side of the D2000 OPC UA server:

  • Boolean (objects of Line type, values of boolean type - De/Di/Dout)
  • DateTime (values of absolute time type - TmA/TiA/ToA)
  • Double (values of real type - Re/Ai/Ao, relative time - TmR/TiR/ToR)
  • Int32 (objects of Station/Alarm/Process types, values of type quadstate - Qi)
  • Int64 (values of integer type - Int/Ci/Co) *
  • String (values of text type - Txt/TxtI/TxtO)

* Note: In version D2000 21.1.72, the Int type was changed from 32 to 64 bits, so Int/Ci/Co values are represented as Int64 (formerly Int32). For this reason, new start parameters are supported that change the behaviour of the D2000 OPC UA Server as follows:

  • --INT32INV: values of type Int/Ci/Co will be represented as Int32 in the D2000 OPC UA server, values outside the range of Int32 will be invalidated
  • --INT32SAT: values of type Int/Ci/Co will be represented as Int32 in the D2000 OPC UA server, values outside the range of Int32 will be saturated

...

| Parameter | Value |
|---|---|
| application_name | name of the application |
| application_uri | URI of the application |
| pki_dir | full path to the PKI directory structure (e.g. 'c:\D2000\D2000_APP\application1\opcuaserver\pki') |
| tcp_config.host | the address of the network adapter on which the OPC UA Server accepts connections (0.0.0.0 for all network adapters) |
| tcp_config.port | the port on which the OPC UA Server accepts connections |
| user_tokens | the list of configured users under which OPC UA clients can log in |
| endpoints | the list of access points of the OPC UA Server |

The configuration file is read during the OPC UA Server startup, so changes to parameters in the file take effect only after a restart. If the PKI directory structure does not exist, the OPC UA Server creates it (empty, without keys and certificates), based on the setting of the pki_dir parameter.

...

To run secure communication between the OPC UA Server and an OPC UA client, it is necessary to create a PKI directory structure, a private key, and a certificate for the OPC UA Server.

The directory structure consists of the following directories:

| Directory name | Description |
|---|---|
| pki/ | PKI directory |
| pki/private/ | directory with the private key of the OPC UA Server |
| pki/own/ | directory with the public certificate of the OPC UA Server |
| pki/rejected/ | directory with the certificates of denied clients |
| pki/trusted/ | directory with the certificates of allowed clients |

...

Private key generation and certificate signing request using the openssl utility:

openssl req -out csr.csr -new -newkey rsa:2048 -nodes -keyout pki/private/private.pem

...

The OPC UA Server sends its certificate to the OPC UA client while establishing a secured connection. When an unknown OPC UA client connects, the OPC UA Server rejects the client and saves its certificate into the "pki/rejected/" directory. After that, the administrator of the D2000 application has to manually move that certificate into the "pki/trusted/" directory. This ensures that the server will consider the given client trustworthy and will accept the connection.
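Because every unknown client that connects leaves a certificate in "pki/rejected/", the manual move is the only trust decision in this workflow. The following added example (not part of the D2000 documentation or product) moves a certificate to "pki/trusted/" only when its SHA-256 fingerprint matches a value confirmed with the client's owner out of band. The function names are hypothetical, and the assumption that certificate files are stored as DER or PEM is the example's own.

```python
import hashlib
import shutil
import ssl
import sys
from pathlib import Path


def cert_fingerprint(path: Path) -> str:
    """SHA-256 over the DER encoding; PEM files are decoded to DER first."""
    raw = path.read_bytes()
    if raw.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        raw = ssl.PEM_cert_to_DER_cert(raw.decode("ascii").strip())
    return hashlib.sha256(raw).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:...' as well as 'aabb...' notation."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def list_rejected(pki_dir: Path) -> dict[str, Path]:
    """Map fingerprint -> file for every certificate in pki/rejected/."""
    rejected = pki_dir / "rejected"
    return {cert_fingerprint(p): p for p in sorted(rejected.iterdir()) if p.is_file()}


def approve_client(pki_dir: Path, verified_fingerprint: str) -> Path:
    """Move the one rejected certificate whose fingerprint equals the value
    verified out of band into pki/trusted/. Raise if nothing matches."""
    wanted = normalize(verified_fingerprint)
    if len(wanted) != 64:  # refuse truncated fingerprints
        raise ValueError("expected a full SHA-256 fingerprint (64 hex digits)")
    match = list_rejected(pki_dir).get(wanted)
    if match is None:
        raise LookupError("no rejected certificate has that fingerprint")
    target = pki_dir / "trusted" / match.name
    if target.exists():
        raise FileExistsError(f"{target} already exists")
    shutil.move(str(match), str(target))
    return target


if __name__ == "__main__":
    pki = Path(sys.argv[1])  # the pki_dir value from the configuration file
    if len(sys.argv) == 2:  # review mode: show what is waiting for a decision
        for fp, cert in list_rejected(pki).items():
            print(fp, cert.name)
    else:  # approve mode: second argument is the verified fingerprint
        print("trusted:", approve_client(pki, sys.argv[2]))
```

Run with only the PKI path to list pending certificates and their fingerprints; add the verified fingerprint as a second argument to approve exactly that certificate.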

...