Skip to content

OPC UA Server

On this page you can configure everything to receive CMTK data via the OPC UA protocol. To install the OPC UA Server, download the APP and install it on the CMTK.


The server settings can then be found under Settings > IoT Communication > OPC UA Server

OPC UA Server Settings

Activate OPC UA server

To activate the server, activate the toggle OPC UA active and save the change.

OPC UA Server Settings

Authentication methods

In principle, several authentication methods are available for authentication between the OPC UA server and OPC UA clients. These can be activated or deactivated separately. It is also possible to use the different authentication methods in parallel.

Anonymous

If this authentication method is enabled, an OPC UA client can connect without a separate login.

Username/Password

This authentication method requires a user name and password to connect to the OPC UA server. You can specify these in the input mask and activate them by saving.

OPC UA Server Username / Password

Certificate

It is possible to use a user certificate and corresponding key created by an OPC UA client for authentication. To do this, you must upload the corresponding user certificate from the client to the CMTK using the corresponding function. Only the following certificate formats are valid, .crt, .pem or .der.

OPC UA Server Certificate

Server Certificate

A server certificate can be used to authenticate the server. The CA certificate can be downloaded in the Certificates area. If the client does not support CA certificates, the server certificate in the OPC UA server settings can also be used. Both certificates can be renewed using the Renew certificate button in the Certificates area.

The format of the server certificate can be chosen, from .crt, .der or .pem

OPC UA Server Format Options

Supported encryptions

In principle, there are various options available for encrypting communication between OPC UA clients and OPC UA servers. This is selected by the OPC UA client. The following encryptions are supported by the CMTK's OPC UA server:

  • None
  • Basic128Rsa15
  • Basic256
  • Basic256Sha256
  • Aes128Sha256RsaOaep

Note

Basic128Rsa15 + Basic256 are classified as deprecated by the OPC UA Foundation. Their use is therefore not recommended.

Note

The OPC UA Server certificate should not be confused with the OPC UA Client certificate and the OPC UA User certificate. These are three different certificates.

Note

The server currently accepts any client certificate. Access restriction is regulated by the 3 authentication mechanisms.

OPC UA message structure, port and data rate

Information on the basic structure of the process data of an OPC UA message can be found under Information on the node set. You will see an example of the message structure.

Information about the NodeSet

The address space looks like this. The marked area shows the process data of a BCM.

Address space, recording using UAExpert

Note

You can examine the exact structure of OPC UA messages with tools like UAExpert.

Note

Communication takes place via port 4840. This cannot be changed and may need to be released in your IT network.

Note

With OPC UA, we follow the “IO-Link Companion Specification” except for the functionalities related to the IODD (Exception: process data and unit). This can be found here: Companion-Specification