Setting Example 1

OPC UA Connection

Click here to see this page in full context

External Device Settings

Configure the OPC UA Server as follows.

Protocol	TCP
IP Address	192.168.1.1
Port	48010
Data Format	OPC UA Binary

Display Settings

Set the [Equipment] properties as follows in BLUE.

[Transport Protocol]	UA TCP
[End Point URL]	opc.tcp://192.168.1.1:48010
[Data Format]	UA Binary
[Security Policy Type]	Aes256Sha256RsaPssSignAndEncrypt Note: Match the OPC UA Server settings.

Certificate Registration

To enable encrypted communication, the self-signed certificates of both the OPC UA Server and the Display must be registered with each other.

Issue the server’s self-signed certificate in the OPC UA Server.
Example: If the OPC UA Server is the display unit, from the Hardware Configuration screen, go to the OPC UA Server settings and touch the [Export] button. The server's self-signed certificate is exported to the folder specified in the [Certificate: Save In] and [Certificate: Destination Folder] fields.
In BLUE, from the OPC UA Connection driver’s [Equipment] area, select the equipment to configure and set the server's self-signed certificate in the [Certificate File Path] field below the [Trusted Certificate] heading.

In BLUE, configure the properties of the OPC UA Connection driver as follows.

[Save In (Certificate)]	Specify the external storage for exporting the Display’s self-signed certificate.
[Destination Folder (Certificate)]	Specify the folder path for saving the Display’s self-signed certificate.

Transfer the project to the Display.
From the Hardware Configuration screen, go to the OPC UA Connection driver’s settings and touch the [Export] button. The Display’s self-signed certificate is exported to the folder specified in the [Certificate: Save In] and [Certificate: Destination Folder] fields.
The self-signed certificate file name is Pro-face_BLUE_OPC_UA_Client.der.
Register the generated Display’s self-signed certificate in the OPC UA Server’s Trusted Certificate list.
Example: If the OPC UA Server is the display unit, from the Properties window for Target01 in BLUE, go to [OPC UA Server] > [Security Policy], and set the self-signed certificate in [Trusted Certificates] > [Certificate File Path]. Then, transfer the project.

NOTE

Once the Display’s self-signed certificate is activated, the certificate is valid for 5 years and the certified date of certificate is same as the date of a Display. When renewing the expiration date, touch [Generate and Reboot] from the OPC UA Connection menu in Hardware Configuration. After a restart of a Display, a new certificate file is issued.
When using this driver in simulation, a self-signed certificate for the Display is generated each time simulation is run. Therefore, to use encrypted communication during simulation, you must register the certificate every time you start simulation.

Configuring User Authentication

Configure the user authentication method for communication with the OPC UA Server. In BLUE, go to [Equipment] > [User Authentication Settings] > [Supported Settings] and set the user authentication method.

[Certificate and Private Key]
Authenticate using a certificate. Set the certificate file (*.der) in the [Certificate File Path] field and the private key file (*.pem) in the [Private Key] field.
NOTE
- When using certificate and private key for user authentication, the OPC UA Server's self-signed certificate must be registered as a [Trusted Certificate], regardless of the [Security Policy Type] setting.
[Username and Password]
Authenticate using a user name and password. Enter the user name and password configured on the OPC UA Server.
NOTE
- When using username and password for user authentication, the OPC UA Server's self-signed certificate must be registered as a [Trusted Certificate], regardless of the [Security Policy Type] setting.
[Anonymous]
No user authentication is used.
NOTE
- If [Anonymous] is selected, this property displays a security warning status as well as a security warning in the error window.