OPC-UA Client Security Configuration

The following section lists the OPC-UA client Security Configuration.

  • Supported Policies
    • None
    • Basic256
    • Basic128Rsa15
    • Basic256Sha256
    • Aes128Sha256RsaOaep
    • Aes256Sha256RsaPss
  • Authentication Settings Supported:
  • On driver startup, the OPC UA Driver will check if the following folders and files are created for the Public Key Infrastructure (PKI):
    1. staging/uaclient/pki
    2. staging/uaclient/pki/own
    3. staging/uaclient/pki/own/uaclientcert.der (The client's certificate)
    4. dwcore/certs/uaclient/uaclientkey.nopass.pem (Private Key not password protected by default)
    5. staging/uaclient/pki/rejected
    6. staging/uaclient/pki/trusted
    7. staging/uaclient/pki/trusted/certs
    8. staging/uaclient/pki/trusted/crl
    9. staging/uaclient/pki/identity_tokens (Holds X.509 Identity Tokens for login to a server)

If the PKI is not created or is missing files, the OPC UA Driver will recreate the files and folders listed above. The certificate that is generated by the client driver is a self-signed certificate. The private key is stored under dwcore/certs/uaclient/uaclientkey.nopass.pem, where it is not password protected and cannot be retrieved or replaced with the staging browser on the workbench. When Security Policy is set to anything but None, the client will use the certificate staging/uaclient/pki/own/uaclientcert.der to connect to servers. To connect to an OPC UA server, the server's certificate must be found in the staging/uaclient/pki/trusted/certs folder.
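
The layout and trust rule above can be checked offline before a connection attempt. The following is an added example, not code from the driver or its vendor: it assumes a POSIX host, an install root passed in by the caller, and that certificates are stored as DER files; the function names and finding strings are hypothetical.

```python
import hashlib
import stat
from pathlib import Path

# Paths are the ones listed on this page, relative to an assumed install root.
PKI_DIRS = [
    "staging/uaclient/pki",
    "staging/uaclient/pki/own",
    "staging/uaclient/pki/rejected",
    "staging/uaclient/pki/trusted",
    "staging/uaclient/pki/trusted/certs",
    "staging/uaclient/pki/trusted/crl",
    "staging/uaclient/pki/identity_tokens",
]
CLIENT_CERT = "staging/uaclient/pki/own/uaclientcert.der"
CLIENT_KEY = "dwcore/certs/uaclient/uaclientkey.nopass.pem"


def digest(path):
    """SHA-256 of the file bytes; assumes certificates are stored as DER."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_pki(root, server_cert=None):
    """Return a list of findings for the client PKI under `root`."""
    root = Path(root)
    findings = [f"missing directory: {rel}" for rel in PKI_DIRS
                if not (root / rel).is_dir()]
    if not (root / CLIENT_CERT).is_file():
        findings.append(f"missing file: {CLIENT_CERT}")
    key = root / CLIENT_KEY
    if not key.is_file():
        findings.append(f"missing file: {CLIENT_KEY}")
    elif stat.S_IMODE(key.stat().st_mode) & 0o077:
        # The key has no passphrase, so file permissions are its only protection.
        findings.append(f"private key readable by group/other: {CLIENT_KEY}")
    rejected = root / "staging/uaclient/pki/rejected"
    if rejected.is_dir():
        for f in sorted(p for p in rejected.iterdir() if p.is_file()):
            findings.append(f"file in rejected folder: {f.name}")
    if server_cert is not None:
        trusted = root / "staging/uaclient/pki/trusted/certs"
        files = trusted.iterdir() if trusted.is_dir() else []
        known = {digest(p) for p in files if p.is_file()}
        if digest(server_cert) not in known:
            findings.append("server certificate not in trusted/certs")
    return findings
```

An empty list means the folders, client certificate and key are in place, the key is readable only by its owner, and the given server certificate has a byte-identical copy in the trusted folder.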

For more information on security-related errors, see OPC-UA Client driver troubleshooting.