Configure OPC UA Settings
Note: OPC UA server is only available on Reviewer Enterprise Edition with the EOS DIR License. Only users with the required permission (Manage OPC UA) can configure the OPC UA settings.
To activate the OPC UA option, use the License Manager.
To configure OPC UA:
- Go to Administration > OPC UA Settings.
- Check the Enable option.
  You will now see the options to configure the OPC UA settings.
- Specify the details as described below:
Configuration Tab
- Create compliance test tool tree: When checked (NOT recommended), this creates additional nodes in the address space that are required by the OPC Foundation for OPC UA compliance testing.
- Network - Port: The port number used in the server URL (opc.tcp://<host name or IP address>:<port number>).
- Security policies: Defines the algorithms and key lengths used for signing and encryption to establish a secure connection.
  Available options are:
  - None - http://opcfoundation.org/UA/SecurityPolicy#None
  - Basic256Sha256 - http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
  - Aes128_Sha256_RsaOaep - http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep
  - Aes256_Sha256_RsaPss - http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss
- Message Security Mode: Defines whether signing and encryption are used.
  Available options are:
  - None - No security is applied.
  - SignAndEncrypt - All messages are signed and encrypted.
  - Sign - All messages are signed but not encrypted.
  - Sign plus SignAndEncrypt - Both messages that are only signed and messages that are signed and encrypted.
Certificates Tab
This page allows you to manage the server and OPC UA client(s) certificates.
Server Certificate
There is only one server certificate. It can either be a self-signed certificate automatically created by Reviewer, or a certificate authority (CA) signed certificate.
On first start up, Data Reviewer will automatically create a self-signed certificate. You can click the New button to automatically generate another self-signed certificate.
A CA certificate must be manually installed.
To install a CA certificate manually:
- Copy the CA certificate private key in PFX format to the folder C:\ProgramData\Eurotherm\Reviewer\OpcUaServer\pki\own\private.
Note: The CA public key file is not used directly by the Reviewer OPC UA server. This must be installed on the client PC.
Note: The open-source tool openssl can be used to convert files between DER and PFX format.
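The DER/PFX conversion mentioned in the note above, as an added example that is not part of the Reviewer documentation: it round-trips a throwaway self-signed certificate and confirms the certificate fingerprint is unchanged. The file names, subject and password are constructed placeholders, and PFX_PASS is an assumed environment variable name used so the password does not appear on the command line.

```shell
#!/bin/sh
# Added example: DER <-> PFX (PKCS#12) conversion with openssl.
# File names, subject and password below are constructed placeholders.
set -eu

# SHA-256 fingerprint of a DER-encoded certificate.
cert_fp_der() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256
}

# DER certificate + DER private key -> password-protected PFX.
# pkcs12 -export reads PEM, so both inputs are converted to PEM first.
# The password is read from $PFX_PASS, keeping it out of the process list.
der_to_pfx() {   # args: cert.der key.der out.pfx
    tmp=$(mktemp -d)
    openssl x509 -inform DER -in "$1" -out "$tmp/cert.pem"
    openssl pkey -inform DER -in "$2" -out "$tmp/key.pem"
    openssl pkcs12 -export -in "$tmp/cert.pem" -inkey "$tmp/key.pem" \
        -out "$3" -passout env:PFX_PASS
    rm -rf "$tmp"   # remove the unencrypted PEM copy of the private key
}

# PFX -> DER certificate (public part only; the private key is not written).
pfx_to_der() {   # args: in.pfx out.der
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts |
        openssl x509 -outform DER -out "$2"
}

# Round trip on a throwaway self-signed certificate (stand-in for a CA-issued one).
roundtrip_demo() {
    work=$(mktemp -d)
    PFX_PASS='constructed-example-only'; export PFX_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example-opcua-server" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
    openssl x509 -in "$work/cert.pem" -outform DER -out "$work/cert.der"
    openssl pkey -in "$work/key.pem" -outform DER -out "$work/key.der"

    der_to_pfx "$work/cert.der" "$work/key.der" "$work/server.pfx"
    pfx_to_der "$work/server.pfx" "$work/roundtrip.der"

    before=$(cert_fp_der "$work/cert.der")
    after=$(cert_fp_der "$work/roundtrip.der")
    rm -rf "$work"
    [ "$before" = "$after" ] && echo "match"
}

roundtrip_demo
```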
OPC UA Client(s)
OPC UA client(s) can use an anonymous authentication method to connect to a Data Reviewer OPC UA Server.
On first connection attempt, the client certificates will appear in the list as not trusted, and the connection will be unsuccessful. To allow connection, click the Trust button. Clicking the Reject button will untrust the certificate and prevent the connection.
Once trusted, to connect to the Data Reviewer OPC UA server via an anonymous connection, click the Link to user button. In the Users dialog box, you can search for a user and link it to the selected client certificate. The same user account will be used for all anonymous connections in the future.
User Certificates Tab
OPC UA client(s) can use a user certificate authentication method to connect to a Data Reviewer OPC UA Server.
On first connection attempt, the user certificates will appear in the list as not trusted, and the connection will be unsuccessful. To allow connection, click the Trust button. Clicking the Reject button will untrust the certificate and prevent the connection.
Once trusted, to connect to the Data Reviewer OPC UA server via a user certificate, click the Link to user button. In the Users dialog box, you can search for a user and link it to the selected user certificate. The same user account will be used for all user certificate connections in the future.
Note: To allow user certificates, both the OPC UA client certificate and the user certificate must be trusted.
Note: When you use user certificates, each user of the same OPC UA client has their own certificate, and the connection will be trusted using different users on the Data Reviewer.
For more information on the client connections, instruments and channels supported by the OPC UA server, read OPC UA Documentation.