Using a Secure OPC UA Server
If you use the OPC UA Server (which is included with CODESYS OPC UA in the standard installation of CODESYS) for the connection to the target device, then you can use the following security measures:
Certificate-encrypted data exchange with the client in accordance with the OPC UA Standard (profile: Basic256SHA256). You can generate the certificate via CODESYS Security Agent. It is also possible to use a certificate for the client which is restricted to browsing only. Alternatively, the certificate could also be requested by default via the PLC Shell in the device editor.
For instructions on configuring and commissioning the OPC UA Server, including the installation of a corresponding certificate, see: OPC UA Server. There you will also find instructions specifically for using the UaExpert client.
Security settings for the OPC UA Server. These can be changed in the device editor (Communication Settings tab, Device menu, Security settings command).
For instructions, see: Configuration and commissioning of the OPC UA Server
Use the user and permission management of the controller (settings on the Access Rights tab in the device editor). For anonymous access, change the runtime security policy in the device editor on the Communication Settings tab.
For instructions, see: User management in OPC UA
If data source objects are used to access PLC variables symbolically via the OPC UA Server, then you can define symbol sets which are accessible only to specific user groups. This is done using an IEC Symbol Publishing object.
For instructions, see: IEC Symbol Set Configuration
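After applying the encryption and user management measures above, you can check what the server actually offers by reviewing its endpoint list. The following is an added example, not CODESYS code: it audits endpoint descriptions shaped like an OPC UA GetEndpoints result. The Endpoint class, the host plc.example, the sample endpoints, and the choice to require the SignAndEncrypt message mode are assumptions made for illustration.

```python
from dataclasses import dataclass, field

POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
REQUIRED_POLICY = POLICY_PREFIX + "Basic256Sha256"  # URI form of the profile named above

@dataclass
class Endpoint:
    """Hypothetical container for the fields of one endpoint description."""
    url: str
    security_policy_uri: str
    security_mode: str                                # "None", "Sign" or "SignAndEncrypt"
    token_types: list = field(default_factory=list)   # e.g. ["Anonymous", "UserName"]

def audit_endpoint(ep):
    """Return the findings for one endpoint; an empty list means it passes."""
    findings = []
    if ep.security_policy_uri != REQUIRED_POLICY:
        name = ep.security_policy_uri.replace(POLICY_PREFIX, "")
        findings.append(f"policy {name} is not Basic256Sha256")
    if ep.security_mode != "SignAndEncrypt":  # assumption: encryption is required
        findings.append(f"message mode {ep.security_mode} does not encrypt traffic")
    if "Anonymous" in ep.token_types:
        findings.append("anonymous login is offered")
    return findings

def audit_server(endpoints):
    """Map each failing endpoint (labelled by URL, policy and mode) to its findings."""
    report = {}
    for ep in endpoints:
        findings = audit_endpoint(ep)
        if findings:
            label = f"{ep.url} [{ep.security_policy_uri.split('#')[-1]}/{ep.security_mode}]"
            report[label] = findings
    return report

# Constructed sample data: three endpoints a server might advertise.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://plc.example:4840", POLICY_PREFIX + "None", "None", ["Anonymous", "UserName"]),
    Endpoint("opc.tcp://plc.example:4840", REQUIRED_POLICY, "Sign", ["UserName"]),
    Endpoint("opc.tcp://plc.example:4840", REQUIRED_POLICY, "SignAndEncrypt", ["UserName", "Certificate"]),
]

if __name__ == "__main__":
    for label, findings in audit_server(SAMPLE_ENDPOINTS).items():
        print(label)
        for finding in findings:
            print("  -", finding)
```

Any endpoint that appears in the report is one to disable or restrict through the security settings and user management described above.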