OPC-UA Driver Configuration
Plugin Configuration
The plugin configuration file is named settings.json and is located in <install directory>\Config\HumanOS.UHAL.OpcUaControl\. It contains all global settings of the plugin.
See Generic Plugin Configuration for more details.
Intermediate Data
The device driver stores its data in the folder .\Data\HumanOS.UHAL.OpcUaControl:
- Log: log files when activating trace log
- CertificateStore: certificates (auto generated, trusted, issuer, rejected)
Device Information File
The device information file is used to configure the access to the OPC-UA devices. It contains:
- Id: unique device id (GUID), which MUST match the device license id.
- DriverId: F022EE3C-A2A5-428A-B588-46ABACAE39EE
- Address: Connection address
- Data Access
- Commands
- Alarm Events
See Device Information Model for more details.
Connection Address
The connection address is in URL notation. It starts with opc.tcp:// followed by the hostname and an optional port.
opc.tcp://localhost:4840
Additional Properties
Additional properties help to configure the client-server connection.
Name | Description | Data Type |
---|---|---|
opc:SecuritySelection | Security protocol selection of the endpoints: (None: no security requested (default); BestAvailable: select the best available security) | System.String |
opc:CertificateHandling | Handling of server certificates: (Strict: only trusted certificates allowed (default); AcceptAll: do not check the certificates) | System.String |
opc:StoreType | Specifies the store type, either 'Directory' or 'Windows', if left empty the 'Directory' type is taken | System.String |
opc:CertificatePath | Specifies the certificate path depending on the store type, see HumanOS® OpcUaServer manual for configuration. | System.String |
opc:CertificateTrustedPath | For StoreType Windows: Specifies path to trusted certificates. | System.String |
opc:CertificateIssuerPath | For StoreType Windows: Specifies path to issuer certificates. | System.String |
opc:CertificateRejectedPath | For StoreType Windows: Specifies path to rejected certificates. | System.String |
opc:CertificateSubject | For StoreType Windows: Specifies the application certificate subject name, e.g. CN=servercert/O=myorg/DC=myhost | System.String |
opc:AutoGenerateClientCertificate | Automatically generates a client application certificate for the connecting device client. Default is false. | System.Boolean |
UserName | [opt] Username to login. Used to authenticate with username and password. | System.String |
Password | [opt] Password of the user. Used to authenticate with username and password. | System.String |
opc:ClientCertificate | [opt] Client certificate for authentication. Name of the certificate (filename, or subject name in the Windows store) | System.String |
opc:ClientCertificatePassword | [opt] Client certificate password unused for authentication. Optional password. | System.String |
opc:EnableTraceLog | [opt] Enabling the trace logger of the UaClient | System.Boolean |
opc:UseDiscoveredEndpointUrl | [opt] Set to 'true' to connect with the discovered endpoint URL; otherwise the URL of the server address is used to prevent NAT issues | System.Boolean |
Notes for certificates and Windows Store:
Remember that some locations in 'LocalMachine' require UAC privileges and can therefore only be accessed if the software runs in an elevated context or the permissions are set correctly on the private key. If, for example, the error
One or more errors occurred. (Keyset does not exist)
is thrown, either the keyset really doesn't exist or the permission is not sufficient. To set the permission, open certlm, navigate to the certificate, right-click it -> All Tasks -> Manage Private Keys, and add the user or user group with read permission. Remember that the permissions of locations like LocalMachine\Root cannot be edited.
Example with basic authentication and no secure connection:
{
  "Name": "SiemensOpcUaControl",
  "Id": "6ae9da3f-4606-4c78-9eb3-aa70cebcb571",
  "DriverId": "F022EE3C-A2A5-428A-B588-46ABACAE39EE",
  "Address": "opc.tcp://localhost:48050",
  "Properties": [
    {
      "Name": "UserName",
      "Value": "Guest"
    },
    {
      "Name": "Password",
      "Value": "Guest"
    },
    {
      "Name": "opc:SecuritySelection",
      "Value": "None"
    },
    {
      "Name": "opc:CertificateHandling",
      "Value": "AcceptAll"
    }
  ]
}
Example with store based certificate secure connection:
{
  "Name": "SiemensOpcUaControl",
  "Id": "6ae9da3f-4606-4c78-9eb3-aa70cebcb571",
  "DriverId": "F022EE3C-A2A5-428A-B588-46ABACAE39EE",
  "Address": "opc.tcp://localhost:48050",
  "Properties": [
    {
      "Name": "opc:CertificateHandling",
      "DataType": "System.String",
      "Value": "Strict"
    },
    {
      "Name": "opc:StoreType",
      "DataType": "System.String",
      "Value": "Windows"
    },
    {
      "Name": "opc:CertificatePath",
      "DataType": "System.String",
      "Value": "LocalMachine\\My"
    },
    {
      "Name": "opc:CertificateTrustedPath",
      "DataType": "System.String",
      "Value": "LocalMachine\\Trust"
    },
    {
      "Name": "opc:CertificateIssuerPath",
      "DataType": "System.String",
      "Value": "LocalMachine\\Root"
    },
    {
      "Name": "opc:CertificateRejectedPath",
      "DataType": "System.String",
      "Value": "LocalMachine\\Disallowed"
    },
    {
      "Name": "opc:CertificateSubject",
      "DataType": "System.String",
      "Value": "CN=MyCert/O=myorg/DC=myhost"
    },
    {
      "Name": "opc:SecuritySelection",
      "DataType": "System.String",
      "Value": "BestAvailable"
    }
  ]
}
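The following Python check is an added example, not part of the HumanOS documentation or product. It audits a device information file against the properties table above, applying the documented defaults so that an omitted opc:SecuritySelection is reported the same as an explicit None. The function names, the finding wording and the two sample files are constructed for this example, and case-insensitive value matching is an assumption.

```python
import json

# Defaults taken from the "Additional Properties" table on this page.
DEFAULTS = {"opc:SecuritySelection": "None", "opc:CertificateHandling": "Strict"}

# Constructed sample, modelled on the page's basic-authentication example.
SAMPLE_BASIC = """{
  "Address": "opc.tcp://localhost:48050",
  "Properties": [
    {"Name": "UserName", "Value": "Guest"},
    {"Name": "Password", "Value": "Guest"},
    {"Name": "opc:SecuritySelection", "Value": "None"},
    {"Name": "opc:CertificateHandling", "Value": "AcceptAll"}
  ]
}"""

# Constructed sample: strict certificates, but opc:SecuritySelection omitted.
SAMPLE_OMITTED = """{
  "Address": "opc.tcp://localhost:48050",
  "Properties": [{"Name": "opc:CertificateHandling", "Value": "Strict"}]
}"""

def effective_properties(device):
    """Overlay the file's properties on the documented defaults."""
    props = dict(DEFAULTS)
    for entry in device.get("Properties", []):
        props[entry["Name"]] = entry.get("Value")
    return props

def audit_device(text):
    """Return findings (wording is this example's own) for one device file."""
    device = json.loads(text)
    props = effective_properties(device)
    findings = []
    if not str(device.get("Address", "")).startswith("opc.tcp://"):
        findings.append("address: does not start with opc.tcp://")
    # Case-insensitive comparison is an assumption of this example.
    if str(props["opc:SecuritySelection"]).lower() == "none":
        findings.append("security: no endpoint security requested")
        if props.get("Password"):
            findings.append("password: set while no security is requested")
    if str(props["opc:CertificateHandling"]).lower() == "acceptall":
        findings.append("certificates: server certificate is not checked")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_OMITTED):
        print(audit_device(sample))
```

The second sample shows why the default matters: a file that sets opc:CertificateHandling to Strict but leaves out opc:SecuritySelection still requests no endpoint security.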