Configuration of CODESYS

This section describes how to configure CODESYS in order to communicate with the created Azure resources.

Preparing a project

These instructions are based on the example Using the MQTT Client SL Library.

  1. Install the example Using the MQTT Client SL Library.

  2. Set the example as executable.

    For more information, see the following: Making CODESYS Sample Projects Executable

  3. Make sure that the CODESYS Security Agent add-on exists in your CODESYS installation.

Reading a thumbprint

To enter a thumbprint for a client identity in Azure, you must first read the thumbprint from the certificate of the controller.

  1. To do this, open the Security Agent and navigate to the Devices tab.

  2. Select Own Certificates.

  3. Double-click the certificate of your device.

    The certificate is usually named Encrypted Communication and is characterized by the fact that the Issued for and Issued by properties both match the device name (→ self-signed certificate).

    A Windows certificate properties window opens.

  4. Navigate to the Details tab of the properties window.

  5. Find the Thumbprint property (usually the last entry in the table) and select it.

  6. Now from the lower text field of the window, you can copy the thumbprint of the certificate for later use.
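A cross-check for the copied value, as an added example that is not part of the original CODESYS documentation: the Windows Thumbprint property is the SHA-1 hash of the certificate's DER encoding, so it can be recomputed from an exported certificate file and compared with the string copied from the dialog. The function names and the sample bytes are assumptions made for illustration; the sample is a stand-in, not a real certificate.

```python
import hashlib
import hmac
import re
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def load_der(cert_file_bytes: bytes) -> bytes:
    """Return the DER encoding of a certificate exported as PEM or DER."""
    if cert_file_bytes.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(cert_file_bytes.decode("ascii").strip())
    return cert_file_bytes


def thumbprint(cert_file_bytes: bytes, algorithm: str = "sha1") -> str:
    """Hash the DER bytes; SHA-1 is what the Windows dialog shows as Thumbprint."""
    return hashlib.new(algorithm, load_der(cert_file_bytes)).hexdigest().upper()


def normalize(copied: str) -> str:
    """Keep only hex digits: drops spaces, colons and invisible characters
    such as U+200E that a copy from the properties window can carry."""
    return re.sub(r"[^0-9A-Fa-f]", "", copied).upper()


def matches(copied: str, cert_file_bytes: bytes, algorithm: str = "sha1") -> bool:
    """True if the copied thumbprint belongs to the given certificate."""
    return hmac.compare_digest(normalize(copied), thumbprint(cert_file_bytes, algorithm))


# Constructed sample input: stand-in bytes, NOT a real certificate. The hash is
# taken over the raw DER bytes, so any byte string shows the mechanics.
SAMPLE_DER = b"abc"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
# Constructed string as it might arrive from the clipboard (leading U+200E, spaces).
SAMPLE_COPIED = "\u200ea9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 9c d0 d8 9d"

if __name__ == "__main__":
    print("thumbprint to enter:", thumbprint(SAMPLE_PEM))
    print("copied value matches:", matches(SAMPLE_COPIED, SAMPLE_PEM))
```

To use it on a real export, pass the bytes of the exported certificate file in place of the sample.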

Configuring the TLS context

In the declaration section of the main program PRG, you will find a commented-out declaration for a TLS context which is intended for the use of client certificates. Uncomment this declaration and adapt the following assignments:

  1. Open the main program PRG.

  2. Search for a commented-out declaration for a TLS context which is intended for the use of client certificates. Uncomment this declaration and adapt the following assignments.

    | Parameter | Example Value | Description |
    | --- | --- | --- |
    | _sCommonName | Device name of your controller | The "Common Name" (CN) of the certificate. For the self-signed device certificate of your PLC, it matches the device name. |
    | _sTLSVersion | 1.3 | Azure Event Grid supports TLS versions 1.2 and 1.3. For more information, see the following: Help page of Microsoft Azure. |
    | sHostname | <MQTT Hostname> | The MQTT hostname of the broker within the Event Grid namespace. You can read your hostname as described in the "MQTT Hostname" section and insert it here. |
    | udiVerificationMode | 1 | 1 := No peer verification. For more information, see the TLSContext function block. |

  3. Under the preconfigured, simplified TLS context, look for the line itfTlsContext : NBS.ITLSContext := tlsContext;

    Move this line below the newly declared TLSContext and adapt the assignment to := _tlsContext.

    Now the MQTTClient function block uses your configured TLS context instead of the preconfigured TLS context in the sample project.

Setting the timeout for MQTTClient

  1. Open the main program PRG.

  2. In the declaration section, add a new timeout variable.

  3. Link the timeout variable in the CFC editor to the udiTimeOut input of the MQTTClient function block in order to set a timeout when establishing a connection. Alternatively, you can also connect a numeric literal (for example, 3000000) directly to the input.

    If you do not set the timeout, then the client will never enter an error state if the connection cannot be established.

Tip

The timeout period for the MQTTClient function block is specified in microseconds. If you encounter the error TCP_INIT_ERROR later when testing, then first check the configured timeout value and set it to a higher value, if necessary.

Declaration example:

udiTimeout : UDINT := 3000000; // µs -> 3s

Now the CODESYS client is prepared for specific connection parameterization.