Configure the URL, Certificate, and Authentication Properties

Use the following properties on the Server tab of the OPC UA Server Form to configure the server URL, certificate, and authentication properties:

• Server URL—Use to specify the URL of the OPC UA server.

  If you do not use OPC UA Discovery Server items in your database, specify the URL manually in the Server URL field.

  If you use OPC UA Discovery Server items in your database, you can either specify the URL manually, or select from a list of OPC UA servers. Use the browse button to display a Reference browse window and then select the required entry from the window. The entries that are listed comprise the OPC UA compatible servers that have registered their availability with the discovery server(s) for which valid OPC UA Discovery Server items exist in the Geo SCADA Expert database. (Provided that those OPC UA Discovery Server items are, or have been, in communications with the discovery server(s) with which the OPC UA servers have registered their availability.)

  Example that demonstrates the use of the Reference window:

   

  A particular Geo SCADA Expert system includes three OPC UA Discovery Server items. These are named DS1, DS2, and DS3 in the database.

  On the Form of an OPC UA Server, a configuration engineer uses the browse button next to the Server URL field to display a Reference window from which they intend selecting the relevant OPC UA server (the one to which the database item is to relate).

  The Reference browse window that gets displayed when the browse button is selected lists the 3 discover servers to which Geo SCADA Expert is configured to connect:

  

  The OPC UA server that the database item is to represent connects to the DS2 discovery server, so the engineer expands the DS2 branch in the Reference window in order to locate and select the required OPC UA server entry.

  Notice that a diagnostic indicator overlays the DS1 entry. This indicates that Geo SCADA Expert was unable to connect to the DS1 discovery server at the time that it attempted to perform the discovery. With this situation, you can either enter the URL of the relevant OPC UA server manually in the Server URL field, or wait until the connection to the discovery server is reestablished and then select the required entry from the Reference window.

  The Reference window will be unpopulated if:

  • No OPC UA Discovery Server items exist in your database

  • OPC UA Discovery Server items exist in the database, but have invalid configuration or have never been in communication with the discovery server to which they are configured to connect (see Configure an OPC UA Discovery Server).

• Check Server Certificate—Use this check box to specify whether Geo SCADA Expert is to authenticate the certificate of the OPC UA server when connecting to that server.

  Select the check box if, when establishing a connection, Geo SCADA Expert is required to verify the certificate that it receives from the OPC UA server.

  Clear the check box (the default) if authentication of the OPC UA server's certificate is not required when Geo SCADA Expert connects to that server. You might still need to specify suitable User Authentication criteria (see Identity below) in order to establish a connection to the OPC UA server.

• Server Certificate—This property only applies when the Check Server Certificate check box is selected.

  With communications for which Geo SCADA Expert is to check the authenticity of the OPC UA server's certificate, you first need to import that certificate into the Geo SCADA Expert database. You use an SSL Certificate database item to import and store the certificate in the database (see SSL Certificates for Driver Communications).

  Use the browse button next to the Server Certificate field to display a Reference browse window. Use the window to select the SSL Certificate database item that is being used to store the OPC UA server certificate that Geo SCADA Expert is to trust.

• Security Mode—Use to specify the level of security that is required for communications with the OPC UA server. Choose from:

  • None—Communications between Geo SCADA Expert and the OPC UA server are not encrypted. The rest of the fields within the Application Authentication section of the tab are 'grayed out' and unavailable for use. This is the default option.

  • Sign—The sender of the data is authenticated.

  • Sign and Encrypt—The sender of the data is authenticated. Additionally, encryption is used to preserve the confidentiality and integrity of the data.

• Certificate and Private Key—This property only applies when the Security Mode is set to an option other than 'None'.

  With encrypted communications, Geo SCADA Expert sends a client certificate to the OPC UA server as part of the certificate validation process. You use an SSL Certificate and Key database item to store this certificate and its private key in the database (see SSL Certificates for Driver Communications).

  Use the browse button next to the Certificate and Private Key field to display a Reference browse window. Use the window to select the SSL Certificate and Key database item that is being used to store the client certificate that Geo SCADA Expert is to send to the OPC UA server.

• Identity—Use to specify the level of user authentication that is required to establish a connection to the OPC UA server. Choose from:

  • Anonymous—Select this option if the OPC UA server accepts connections from clients (such as Geo SCADA Expert) without requiring the provision of valid user credentials. The rest of the fields within the User Authentication section of the tab are 'grayed out' and unavailable for use.

  • Username and password—Select this option if Geo SCADA Expert has to provide valid user credentials to the OPC UA server in order to communicate with that server.

• Username—Specify the username of a valid user on the OPC UA server. (This field is 'grayed out' and unavailable for use when the Identity is set to 'Anonymous'.)

• Password—Specify the password of the user on the OPC UA server. (This field is 'grayed out' and unavailable for use when the Identity is set to 'Anonymous'.)