
Establishing the Connection of a Data Source OPC UA Client to an OPC UA Server

Requirement:
  • An OPC UA Server is available. For a description of the OPC UA Server, which is included in the standard installation of CODESYS, see OPC UA Server.

  • You have installed the CODESYS Security Agent add-on in CODESYS.

  • CODESYS is open.

  • The Allow anonymous login option is selected for your controller in the Change Communication Policy dialog of the device editor (Communication Settings tab, Change Communication Policy command, Device menu). Alternatively, the user management has been explicitly disabled (for example, by switching to Optional user management in the Change Communication Policy dialog and then Reset Origin).

  • NOTE: When user management is active on the controller, a login with user name and password is required for a connection from the client to the OPC UA Server. If the communication is established via a data source, see the User name setting below Authentication in the data source editor.

  1. Start the OPC UA Server.

  2. Create a new CODESYS project.

  3. Add a Data Sources Manager object to the application.

  4. Add a Data Source OPC UA-Server to the Data Sources Manager.

    The Datasource dialog opens.

  5. In the Initialize Data Source dialog, configure the data source for communication as follows.

    Tip

    With the Read Connection Settings from IEC Variable option, you can dynamically configure the connection settings instead of defining them here in the dialog. For more information, see: Using a Dynamic Connection to an OPC UA Server

    The settings from this dialog are reflected accordingly on the Communication tab of the data source manager:

    • For Where to find the server layout, define how the information about the existing variables and types should be detected. When you select the Browse Live Server option, the OPC UA Client connects to the OPC UA Server for this purpose and reads the information there. When you select From Information Model, the client reads the same information from an installed information model and does not require a running OPC UA Server to do this.

    • For Server URL, specify the URL of the started OPC UA Server.

    • Click the Show All Endpoints button to open the Available Endpoints dialog.

    • Select an endpoint which defines an Encrypt & Sign message security mode and a corresponding security strategy. After the dialog is closed, these settings are transferred to the Security section of the Initialize Data Source dialog.

    • Choose a suitable Client certificate to access the server for browsing purposes. If a certificate is not available for selection yet, then you can have one generated immediately. To do this, click the create certificate button (icon) to open the Generate self-signed certificate dialog. Define a password for your private key and a file name for the certificate. When you click OK, the certificate is generated and automatically entered into the certificate store. The *.cer and *.pfx certificate files are stored with the project file. As a result, you can "give" the certificate with the public key (*.cer) to the server so that it "knows" the certificate. You can also share the private key (*.pfx) to make the project usable on another machine (for browsing).

      Note that this certificate can be used only for browsing the server for variables and data types. An additional certificate is required for data exchange in online mode. Its creation is described below.

  6. Click Next. Now the client scans the OPC UA Server to find the variables and types of the OPC UA Server. The OPC UA Server has to be in online mode to do this.

  7. Now select one or more variables.

    These variables can be exchanged later via encrypted communication between the OPC UA Client and the OPC UA Server. For the variables, components are created in the Devices view, in the DataSources_Objects folder. The variables can be used in the application.

    Note: As long as no value has been read, the variables have their default value according to IEC. For more information, see: Default initialization values

  8. In the next steps, you create a certificate for the encrypted communication from the OPC UA Client to the OPC UA Server.

  9. Click View → Security Screen.

  10. Switch to the Devices tab.

  11. In the view on the left, select the controller.

    In the right view, all services of the controller are displayed which require a certificate.

  12. Select the service CmpOPCUAClient.

  13. Create a new certificate for the device. To do this, click the create certificate icon.

    The Certificate Settings dialog opens.

  14. Define the certificate parameters and click OK to close the dialog.

    The certificate is created on the controller.

  15. Click the certificate upload button (icon) and save the certificate to the local file directory of the OPC UA Server, in the certs folder.

    Now when you restart the OPC UA Server, it will recognize the client certificate. The server sends its certificate to the client. In the following steps, this certificate will be made "trusted" to the client.

  16. To do this, in the Security Screen view, on the Devices tab, click the Certificates in Quarantine folder in the left area.

    The certificate is displayed in the right area.

  17. Drag this certificate to the Trusted Certificates folder.

    Now the server certificate is "trusted" by the client.

  18. Now when you connect to the controller and the application starts, the data source variables of the OPC UA Client can be exchanged with the OPC UA Server via the encrypted connection.
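
The endpoint choice in step 5 can be checked against a rule before it is committed to a project. The following is an added example, not CODESYS code or an export of the Available Endpoints dialog: it treats the dialog's "Encrypt & Sign" as the OPC UA message security mode SignAndEncrypt, and the `Endpoint` record, the preference order, and the sample endpoint list are assumptions made for illustration.

```python
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# Assumed preference order, strongest first. Basic128Rsa15 and Basic256 are
# deprecated by the OPC Foundation and are deliberately not listed.
PREFERRED = ["Aes256_Sha256_RsaPss", "Aes128_Sha256_RsaOaep", "Basic256Sha256"]


@dataclass(frozen=True)
class Endpoint:  # hypothetical record, one row of an endpoint list
    url: str
    mode: str        # OPC UA MessageSecurityMode: None, Sign, SignAndEncrypt
    policy_uri: str  # OPC UA SecurityPolicy URI


def assess(ep):
    """Return 'ok' or the reason the endpoint is rejected."""
    if ep.mode != "SignAndEncrypt":
        return "mode %s does not encrypt" % ep.mode
    if not ep.policy_uri.startswith(POLICY_BASE):
        return "unknown policy URI"
    name = ep.policy_uri[len(POLICY_BASE):]
    if name not in PREFERRED:
        return "policy %s is not in the accepted list" % name
    return "ok"


def select_endpoint(endpoints):
    """Return the most preferred acceptable endpoint, or None if there is none."""
    ok = [ep for ep in endpoints if assess(ep) == "ok"]
    rank = lambda ep: PREFERRED.index(ep.policy_uri[len(POLICY_BASE):])
    return min(ok, key=rank) if ok else None


# Constructed sample data, not output from a real server.
URL = "opc.tcp://plc.example:4840"
SAMPLE = [
    Endpoint(URL, "None", POLICY_BASE + "None"),
    Endpoint(URL, "Sign", POLICY_BASE + "Basic256Sha256"),
    Endpoint(URL, "SignAndEncrypt", POLICY_BASE + "Basic256"),
    Endpoint(URL, "SignAndEncrypt", POLICY_BASE + "Basic256Sha256"),
]

if __name__ == "__main__":
    for ep in SAMPLE:
        print(ep.mode, ep.policy_uri.rsplit("#", 1)[1], "->", assess(ep))
    print("selected:", select_endpoint(SAMPLE))
```

A result of `None` from `select_endpoint` means the server offers no endpoint that meets the rule, which is a server configuration finding rather than a reason to fall back to a weaker endpoint.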

For more information, see: Tab: Communication, via OPC UA Server and OPC UA Server