Security

In the OPC UA configuration panel the access data (user name and password) and the security profile for each server can be set. If the field for the user name is left empty, the client connects anonymously to the server.

The following settings are available for the security profile:

  • None
  • Basic128Rsa15
  • Basic256
  • Basic256Sha256
  • Aes128Sha256RsaOaep
  • Aes256Sha256RsaPss

If "None" is set, the communication is unencrypted and unsigned. For the settings Basic128Rsa15, Basic256 or Basic256Sha256, either the Sign or the Sign&Encrypt mode can be used. This guarantees the authenticity of the messages exchanged between the client and the server, and encryption prevents third parties from reading them.

Independent of the security profile, the client has a certificate (ApplicationInstanceCertificate), which is created either by the client or by a Certificate Authority (CA). Within the SecureChannel services, certificates are exchanged even when the security profile is set to None. In that case, however, the certificates are not validated. This process is carried out automatically by the communication stack or the SDK. See also Certificates. The certificate that the client uses to connect to the server can be set in the OPC UA configuration panel in the "Client certificate" input field. How to create individual certificates and accept unknown server certificates is described in the chapter Certificates.

The settings with which the client is able to log on to the server can be set in the internal data point of the type _OPCUAServer.
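The rules above (anonymous login on an empty user name, no signing, encryption or certificate validation with None, Sign versus Sign&Encrypt) can be checked across a list of server connections. The following is an added example, not code from the product: the field names `server`, `user`, `policy` and `mode` and the sample entries are hypothetical, and the deprecation of Basic128Rsa15 and Basic256 comes from the OPC UA specification, not from this page.

```python
# Added example: audits OPC UA client connection settings against the rules on this page.
# Field names (server, user, policy, mode) are hypothetical, not real data point elements.
POLICY_URI_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
KNOWN_POLICIES = {"None", "Basic128Rsa15", "Basic256", "Basic256Sha256",
                  "Aes128Sha256RsaOaep", "Aes256Sha256RsaPss"}
# Deprecated by the OPC UA specification (SHA-1 based); not stated on this page.
DEPRECATED = {"Basic128Rsa15", "Basic256"}

def normalize_policy(value):
    """Accept a short profile name or a full policy URI; return the canonical short name."""
    name = value.strip()
    if name.startswith(POLICY_URI_PREFIX):
        name = name[len(POLICY_URI_PREFIX):]
    by_lower = {p.lower(): p for p in KNOWN_POLICIES}
    if name.lower() not in by_lower:
        raise ValueError(f"unknown security profile: {value!r}")
    return by_lower[name.lower()]

def audit_connection(conn):
    """Return a list of findings for one server connection entry."""
    findings = []
    policy = normalize_policy(conn["policy"])
    # The panel writes "Sign&Encrypt"; OPC UA names the mode SignAndEncrypt.
    mode = conn.get("mode", "None").replace("&", "And").replace(" ", "")
    if not conn.get("user", "").strip():
        findings.append("anonymous login (empty user name)")
    if policy == "None":
        findings.append("unsigned and unencrypted; certificates are not validated")
        if mode != "None":
            findings.append(f"mode {mode} is inconsistent with profile None")
    else:
        if mode not in ("Sign", "SignAndEncrypt"):
            findings.append(f"profile {policy} requires Sign or SignAndEncrypt, got {mode}")
        elif mode == "Sign":
            findings.append("signed only; message content is readable by third parties")
        if policy in DEPRECATED:
            findings.append(f"profile {policy} is deprecated in the OPC UA specification")
    return findings

# Constructed sample entries, not taken from a real project.
SAMPLE = [
    {"server": "plc-a", "user": "", "policy": "none", "mode": "None"},
    {"server": "plc-b", "user": "operator", "policy": "Basic128Rsa15", "mode": "Sign"},
    {"server": "plc-c", "user": "operator",
     "policy": POLICY_URI_PREFIX + "Basic256Sha256", "mode": "Sign&Encrypt"},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["server"], audit_connection(entry) or ["ok"])
```

An empty findings list means the entry uses a named user, a current profile and Sign&Encrypt.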