OPC UA Server
On this page you can configure everything needed to receive CMTK data via the OPC UA protocol. To install the OPC UA Server, download the app and install it on the CMTK.
The server settings can then be found under Settings > IoT Communication > OPC UA Server.
Activate OPC UA server
To activate the server, enable the OPC UA active toggle and save the change.
Authentication methods
Several authentication methods are available between the OPC UA server and OPC UA clients. Each can be activated or deactivated separately, and different methods can be used in parallel.
Anonymous
If this authentication method is enabled, an OPC UA client can connect without a separate login.
Username/Password
This authentication method requires a user name and password to connect to the OPC UA server. You can specify these in the input mask and activate them by saving.
Certificate
It is possible to use a user certificate and corresponding key created by an OPC UA client for authentication. To do this, you must upload the user certificate from the client to the CMTK using the corresponding function. Only the following certificate formats are valid: .crt, .pem or .der.
Server Certificate
A server certificate can be used to authenticate the server. The CA certificate can be downloaded in the Certificates area. If the client does not support CA certificates, the server certificate in the OPC UA server settings can also be used. Both certificates can be renewed using the Renew certificate button in the Certificates area.
The format of the server certificate can be chosen from .crt, .der or .pem.
Supported encryptions
Various options are available for encrypting communication between OPC UA clients and the OPC UA server. The OPC UA client selects which one is used. The CMTK's OPC UA server supports the following encryptions:
- None
- Basic128Rsa15
- Basic256
- Basic256Sha256
- Aes128Sha256RsaOaep
Note
Basic128Rsa15 and Basic256 are classified as deprecated by the OPC UA Foundation. Their use is therefore not recommended.
Note
The OPC UA Server certificate should not be confused with the OPC UA Client certificate and the OPC UA User certificate. These are three different certificates.
Note
The server currently accepts any client certificate. Access is restricted by the 3 authentication mechanisms.
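Because the client selects the encryption and the server also offers None and the deprecated policies, a client can refuse to fall back to them. The following is an added example, not code from the CMTK or its vendor: it audits a list of endpoint descriptions and picks the strongest acceptable one. The dict layout, function names, sample list and the preference order between the two current policies are assumptions.

```python
# Added example: client-side endpoint selection for the policies listed above.
# Each dict mimics fields of an OPC UA EndpointDescription (assumed layout).
BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# Policies the client still accepts; the rank is a local preference (assumption).
ACCEPTED = {BASE + "Basic256Sha256": 1, BASE + "Aes128_Sha256_RsaOaep": 2}
DEPRECATED = {BASE + "Basic128Rsa15", BASE + "Basic256"}
MODE_RANK = {"Sign": 1, "SignAndEncrypt": 2}


def audit(endpoints):
    """Return one finding string per weakness advertised by the server."""
    findings = []
    for ep in endpoints:
        label = f"{ep['policy'].split('#')[-1]}/{ep['mode']}"
        if ep["policy"] == BASE + "None" or ep["mode"] == "None":
            findings.append(f"{label}: no signing or encryption")
        elif ep["policy"] in DEPRECATED:
            findings.append(f"{label}: deprecated policy")
        if "Anonymous" in ep["tokens"]:
            findings.append(f"{label}: anonymous login offered")
    return findings


def select_endpoint(endpoints, allowed_tokens=("UserName", "Certificate")):
    """Pick the strongest acceptable endpoint, or raise instead of downgrading."""
    candidates = [
        ep for ep in endpoints
        if ep["policy"] in ACCEPTED
        and ep["mode"] in MODE_RANK
        and any(t in allowed_tokens for t in ep["tokens"])
    ]
    if not candidates:
        raise ValueError("no endpoint meets the client security policy")
    # Prefer encryption over signing only, then the locally preferred policy.
    return max(candidates,
               key=lambda ep: (MODE_RANK[ep["mode"]], ACCEPTED[ep["policy"]]))


# Constructed sample: what a server with several options enabled might advertise.
SAMPLE = [
    {"policy": BASE + "None", "mode": "None", "tokens": ["Anonymous", "UserName"]},
    {"policy": BASE + "Basic128Rsa15", "mode": "SignAndEncrypt", "tokens": ["UserName"]},
    {"policy": BASE + "Basic256Sha256", "mode": "SignAndEncrypt", "tokens": ["UserName", "Certificate"]},
    {"policy": BASE + "Aes128_Sha256_RsaOaep", "mode": "Sign", "tokens": ["UserName"]},
]

if __name__ == "__main__":
    print(select_endpoint(SAMPLE)["policy"])
    print("\n".join(audit(SAMPLE)))
```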
OPC UA message structure, port and data rate
Information on the basic structure of the process data of an OPC UA message can be found under Information on the node set. You will see an example of the message structure.
The address space looks like this. The marked area shows the process data of a BCM.
Note
You can examine the exact structure of OPC UA messages with tools like UaExpert.
Note
Communication takes place via port 4840. This cannot be changed, and the port may need to be opened in your IT network.
Note
With OPC UA, we follow the “IO-Link Companion Specification” except for the functionalities related to the IODD (Exception: process data and unit). This can be found here: Companion-Specification