...
OPC UA Server sends its certificate to OPC UA client during establishment of a secured connection. When unknown OPC UA client connects, OPC UA Server rejects the client and saves their certificate into "pki/rejected/" directory. After that, administrator of D2000 application has to manually move that certificate into "pki/trusted/" directory. This ensures that server will consider the given client trustworthy and will accept the connection.
Management of OPC UA Clients names and passwords
Configuration of OPC UA clients' names and passwords is in the opcuaserver.conf configuration file. Only a single user token sample_user with user name sample and password sample1 is predefined:
user_tokens:
sample_user:
user: sample
pass: sample1
User tokens as well as anonymous access (ANONYMOUS) permitted for individual endpoints are defined in definition of respective endpoints:
basic256sha256_sign_encrypt:
path: /
security_policy: Basic256Sha256
security_mode: SignAndEncrypt
security_level: 4
user_token_ids:
- ANONYMOUS
- sample_user