Connecting to OPC/UA Server

This section describes the steps to configure the OPC UA Server Settings in the display unit.

WARNING

unintended equipment operation

Application designers must be cautious when exposing variables to OPC UA clients, because exposed variables are accessible and modifiable by any client.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Note:

  • For information on the models which support the OPC UA Server, see the following.

    Supported Model/Feature.

  • The OPC UA server can also be used with [Simulate] and [Device Simulate].

  1. In the Project Explorer window, go to [System Architecture] and click [Target01].
  2. In the Properties window, go to the [Advanced] tab ➞ [Data Access] tab and click [OPC UA Server].
  3. Select [Enable] and configure the following properties:

    Property

    Description

    [Transport Protocol]

    Select the transport protocol.

    [Port Number]

    Set the Port Number for data communication.

    [Data Format]

    Select the Data Format.

    [Security Policy]

    Select the required [Security Policy]. You can select [No Security] to communicate with the OPC UA Server without security. We recommend setting a security policy.

    The following Security Policies are supported:

    • No Security
    • Aes256Sha256RsaPssSignAndEncrypt
    • Aes256Sha256RsaPssSign
    • Aes128Sha256RsaOaepSignAndEncrypt
    • Aes128Sha256RsaOaepSign
    • Basic256Sha256SignAndEncrypt
    • Basic256Sha256Sign
    • Basic256SignAndEncrypt
    • Basic256Sign
    • Basic128Rsa15SignAndEncrypt
    • Basic128Rsa15Sign

    We recommend using one of the higher security policies based on AES (Advanced Encryption Standard), such as [Aes128Sha256RsaOaepSign].

    [Trusted Certificates]

    [Issuers Certificates]

    Choose the desired option from the following and set [Number of Certificates] and [Number of CRL].

    [Trusted Certificates]: Use this for self-signed or CA certificates that need to be verified.

    [Issuers Certificates]: Use this for CA certificates that need to be verified by a chain of CAs.

    [Number of Certificates]: Set the [Number of Certificates] and select the certificate file from [Certificate File Path]. If [No Security] is selected in [Security Policy], there is no need to set [Number of Certificates].

    Note:

    • The maximum number of certificate files is 100.
    • A file that is already used in another [Certificate File Path] of [Trusted Certificates] or [Issuers Certificates] cannot be used. This also applies to a file that has a different name but the same content as another file.

    [Number of CRL]: Set the [Number of CRL] and select the CRL (Certificate Revocation List) file from [Certificate File Path].

    Note:

    • The number of CRL files must be equal to or less than the number of certificate files.
    • A file that is already used in another [Certificate File Path] of [Trusted Certificates] or [Issuers Certificates] cannot be used. This also applies to a file that has a different name but the same content as another file.

    [Security Setting]

    To restrict users according to the OPC UA user access level, select [Enable] and set the security level. The user access levels are as follows:

    User Access Level               Description
    [Security Level For Browse]     User can see the Server properties and variable names.
    [Security Level For Read]       User has Browse level privilege and can see variable value.
    [Security Level For ReadWrite]  User can Read/Write variable value. This includes Read level privilege.

    [Node ID Naming Format]

    Select the naming format for variables shared by the OPC UA server with external devices on the network.

    [Simplified]: (default) Naming format consistent with OPC UA naming conventions.

    [Compatible]: Naming format compatible with screen editing software 3.3 Service Pack 1 or earlier.

    Note:

    • You cannot use binding or script to dynamically change the value of this property.

    Variable Name    Node ID Naming Format
                     [Compatible] Version 3.3 Service Pack 1 or earlier  [Simplified] Version 3.4 or later
    Var1[0]          Target01.Var1.Var1[0]                               Target01.Var1[0]
    Var1[1,1]        Target01.Var1.Var1[1,1]                             Target01.Var1[1,1]
    Var2.BOOL1       Target01.Var2.Var2.BOOL1                            Target01.Var2.BOOL1
    Folder1.Var1[0]  Target01.Folder1.Var1.Folder1.Var1[0]               Target01.Folder1.Var1[0]

    • Changing the [Node ID Naming Format] may cause references from other devices on the network to stop working.

    [Save in]

    [Destination Folder]

    Set the export destination of the OPC UA server certificate, which is used for the pre-registration of OPC UA clients.

    [Save in]: Select either external storage or local storage as the export destination.

    [Destination Folder]: Specify up to 256 characters for the path of the export destination. Use single-byte or multi-byte characters in the path, except for the following special characters.

    * ? " < > |

    Note: The OPC UA server certificate is exported from the hardware configuration screen.

    From the hardware configuration screen, open [OPC UA Server] and from the [Certificate: Export Certificate] field, touch the [Export] button.

    If the OPC UA server certificate needs to be regenerated as a result of it expiring or other reasons, from the [Regenerate Certificate] field, touch the [Generate and Reboot] button. Once the certificate is regenerated, previously exported OPC UA server certificates become invalid.

  4. In the Project Explorer window, click [All Variables] and create a variable.

  5. Select the required option to share the variable data from [Data Sharing].

    Note: The OPC UA server cannot share the value of local variables on a screen. If you want to share the value of a local variable, associate the value of the local variable as a binding source to an internal variable set to [Data Sharing].
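
A pre-check for the file rules in the [Number of Certificates] and [Number of CRL] notes above, written as an added example (it is not part of the original documentation or of the vendor's software). It assumes that the 100-file limit and the CRL count rule apply to each of [Trusted Certificates] and [Issuers Certificates] separately and that "same content" means byte-identical; the function names and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

MAX_CERT_FILES = 100  # limit from the note; assumed to apply per list


def check_trust_lists(trusted_certs, issuer_certs, trusted_crls=(), issuer_crls=()):
    """Return the rule violations found in the planned [Certificate File Path] entries."""
    lists = {
        "Trusted Certificates": (list(trusted_certs), list(trusted_crls)),
        "Issuers Certificates": (list(issuer_certs), list(issuer_crls)),
    }
    problems = []
    # SHA-256 of file content -> first entry using it (a renamed copy still collides)
    seen = {}
    for name, (certs, crls) in lists.items():
        if len(certs) > MAX_CERT_FILES:
            problems.append(f"{name}: {len(certs)} certificate files, maximum is {MAX_CERT_FILES}")
        if len(crls) > len(certs):
            problems.append(f"{name}: {len(crls)} CRL files for {len(certs)} certificate files")
        for path in certs + crls:
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            entry = f"{name}/{Path(path).name}"
            if digest in seen:
                problems.append(f"{entry} has the same content as {seen[digest]}")
            else:
                seen[digest] = entry
    return problems


def demo():
    """Run the check on constructed placeholder files (not real certificates)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "client_a.der").write_bytes(b"constructed-cert-A")
        (d / "client_a_copy.der").write_bytes(b"constructed-cert-A")  # renamed duplicate
        (d / "plant_ca.der").write_bytes(b"constructed-ca")
        (d / "plant_ca.crl").write_bytes(b"constructed-crl-1")
        (d / "old_ca.crl").write_bytes(b"constructed-crl-2")
        return check_trust_lists(
            trusted_certs=[d / "client_a.der"],
            issuer_certs=[d / "plant_ca.der", d / "client_a_copy.der"],
            trusted_crls=[d / "old_ca.crl", d / "plant_ca.crl"],
            issuer_crls=[d / "plant_ca.crl"],
        )


if __name__ == "__main__":
    print("\n".join(demo()) or "no problems found")
```

Running it against the real file set before importing the files into the project shows renamed duplicates and surplus CRL files in one pass.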

Effective Data Types

The following data types can be used. The data type names are different from those used in OPC UA.

Data Type   Data Type of OPC UA
BOOL        Boolean
BYTE        Byte
SINT        SByte
INT         Int16
DINT        Int32
LINT        Int64
UINT        UInt16
UDINT       UInt32
ULINT       UInt64
REAL        Float
LREAL       Double
STRING*1    String
WSTRING     String
TIME        Int32

*1 When using a string variable with its [Variable Length] property enabled, the variable can store up to 512 bytes (UTF-8 encoding).

OPC UA Server's Certificate details

Common Name        BLUE_OPCUA_Server@IP Address*1
Organization       Pro-face
Organization Unit  HMI
Locality           -
State              -
Country            JP
Domain Component   IP Address*1
URI                urn:IP Address*1:Pro-face:BLUE_OPCUA_Server

*1 When using the OPC UA Server on Windows OS, the Windows computer name is displayed instead of the IP Address.

Note: Once the OPC UA Server certificate is activated, the certificate is valid for 5 years, and the certified date of the certificate is the same as the date of the display unit. To renew the expiration date, touch [Reissue and Reboot] from the OPC UA Server menu in Hardware Configuration. After the display unit restarts, a new certificate file is issued.

OPC Foundation Certified Details

Category            Description
Profiles            Nano Embedded Device Server
                    Micro Embedded Device Server
Security Category   SecurityPolicy-Aes128Sha256RsaOaep
                    SecurityPolicy-Aes256Sha256RsaPss
                    SecurityPolicy-Basic128Rsa15
                    SecurityPolicy-Basic256
                    SecurityPolicy-Basic256Sha256
                    SecurityPolicy-None
Server Category     Base Server Behavior
                    Core Server
                    Embedded DataChange Subscription Server
                    Enhanced DataChange Subscription Server
                    Standard DataChange Subscription Server
                    User Token – User Name Password Server
Transport Category  UA-TCP UA-SC UA Binary